Values for content-security-policy-report-only: default-src 'self' www.google.com www.gstatic.com img6.wsimg.com *.secureserver.net collect.tealiumiq.com *.akamaihd.net c.go-mpulse.net *.akstat.io www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googletagmanager.com *.godaddy.com data:;font-src * data: blob:;style-src 'self' 'unsafe-inline' img6.wsimg.com www.gstatic.com;script-src * data: blob: 'unsafe-inline' 'unsafe-eval';img-src * data: blob:;connect-src * data: blob:;frame-src * data: blob:;report-uri /forsale/api/csp-reports 335 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 202 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 157 default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 93 83 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport 65 default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://api.mapbox.com https://*.tiles.mapbox.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 64 default-src https: blob:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data: blob:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport/reportHttp 45 frame-ancestors 'self' 36 default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.teststagram.com *.instagram.com static.cdninstagram.com *.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.instagram.com *.teststagram.com static.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self' *.teststagram.com wss://edge-chat.instagram.com connect.facebook.net;font-src *.facebook.com data: fonts.gstatic.com *.fbcdn.net *.instagram.com *.teststagram.com static.cdninstagram.com *.intern.facebook.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: blob: *.cdninstagram.com *.fbsbx.com android-webview-video-poster: *.giphy.com *.teststagram.com *.igsonar.com *.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob:;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data:;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 29 default-src *; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src *; style-src 'unsafe-inline' *; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit 28 default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 26 report-uri /report-csp-violation 24 default-src 'self'; img-src * data:; media-src *; font-src * https://*.aptrinsic.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' sf.wildapricot.org caas-sf.wildapricot.org https://fonts.gstatic.com https://fonts.googleapis.com https://*.aptrinsic.com https://*.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' sf.wildapricot.org caas-sf.wildapricot.org https://*.google-analytics.com https://*.googleadservices.com ajax.googleapis.com https://*.newrelic.com https://*.aptrinsic.com https://*.uservoice.com https://*.elev.io https://*.zdassets.com https://*.pagespeed-mod.com; connect-src 'self' https://*.aptrinsic.com https://*.elev.io https://wildapricot.zendesk.com https://ekr.zdassets.com wss://widget-mediator.zopim.com; report-uri https://csp.uel.wildapricot.com/report 22 default-src 'self' 21 default-src https:;script-src https: 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors 'none';base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log 18 block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 17 default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; 17 default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 15 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com wss://*.hotjar.com wss://*.qualified.com 'self'; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=cmscache 14 frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 14 default-src 'self'; connect-src 'self' https://*.intentmedia.net https://*.etraveligroup.net https://*.doubleclick.net https://*.adform.net https://www.google-analytics.com https://widgets.hotels.com https://bat.bing.com https://etgrs2.com https://*.akstat.io https://*.go-mpulse.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.etraveli.com https://*.etraveligroup.com https://*.cdn-net.com https://bat.bing.com https://www.googletagmanager.com https://connect.facebook.net https://pay.google.com https://adtr.io https://*.bidr.io https://tag.yieldoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.intentmedia.net https://*.adform.net https://*.mouseflow.com https://*.nrich.ai https://*.doubleclick.net https://*.eancdn.com https://*.bidswitch.net https://green.erne.co https://*.rentalcars.com https://widget.trustpilot.com https://www.googleadservices.com https://cdn.klarna.com https://maps.googleapis.com https://widget.getyourguide.com https://widgets.hotels.com https://*.klarnacdn.net https://*.go-mpulse.net; style-src 'self' 'unsafe-inline' data: blob: https://widgets.hotels.com https://fonts.googleapis.com; img-src 'self' data: https://*.etraveli.com https://*.visualwebsiteoptimizer.com https://*.bidswitch.net https://*.doubleclick.net https://*.nrich.ai https://*.hybrid.ai https://*.w55c.net https://*.adsrvr.org https://*.rlcdn.com https://*.bidr.io https://*.seadform.net https://green.erne.co https://tag.yieldoptimizer.com https://dpm.demdex.net https://*.adform.net https://*.zemanta.com https://beacon.krxd.net https://sd.turn.com https://*.google-analytics.com https://maps.googleapis.com https://tag.adaraanalytics.com https://www.facebook.com https://widgets.hotels.com https://bat.bing.com https://www.google.com https://www.google.se https://maps.gstatic.com https://www.googletagmanager.com https://*.akstat.io; font-src 'self' https://fonts.gstatic.com https://widgets.hotels.com; frame-ancestors 'self'; frame-src 'self' https://pay.google.com https://*.cdn-net.com https://*.cdn.intentmedia.net https://www.facebook.com https://widget.getyourguide.com https://system.etrack1.com https://widgets.hotels.com https://secure.rentalcars.com https://widget.trustpilot.com; object-src 'self' https://*.cdn-net.com 13 default-src 'self'; img-src 'self' *.bing.com *.clarity.ms *.theaccessgroup.com accessgroup-website-v8-preview.azureedge.net accessgrouppreviewweb.azureedge.net accessgroupuatweb.azureedge.net accessgroupweb.azureedge.net cdn.jsdelivr.net id.rlcdn.com match.prod.bidr.io px.ads.linkedin.com px4.ads.linkedin.com segments.company-target.com *.blob.core.windows.net *.placeholder.com *.doubleclick.net www.google.co.uk www.google.com bat.bing.com www.google-analytics.com www.facebook.com www.google-analytics.com data: cdn.bizible.com; script-src 'self' 'unsafe-inline' cdn-3.convertexperiments.com ucalc.pro *.clarity.ms *.ucalc.pro analytics.twitter.com npmcdn.com app-lon05.marketo.com pages.theaccessgroup.com tracker.gaconnector.com api.ipify.org bat.bing.com static.ads-twitter.com snap.licdn.com www.googleadservices.com connect.facebook.net tag.demandbase.com tags.srv.stackadapt.com snap.licdn.com www.google-analytics.com www.googleadservices.com www.youtube.com secure.perk0mean.com static.hotjar.com script.hotjar.com widget.surveymonkey.com googleads.g.doubleclick.net www.googletagmanager.com code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net munchkin.marketo.net cdn.bizible.com; style-src 'self' 'unsafe-inline' *.ucalc.pro tags.srv.stackadapt.com app-lon05.marketo.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com pro.fontawesome.com use.typekit.net p.typekit.net; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com pro.fontawesome.com;connect-src *.clarity.ms *.mktoresp.com in.hotjar.com api.company-target.com tags.srv.stackadapt.com bat.bing.com www.google-analytics.com stats.g.doubleclick.net;frame-src *.ucalc.pro vars.hotjar.com app-lon05.marketo.com www.youtube.com player.vimeo.com www.facebook.com *.doubleclick.net; 13 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 13 connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src https: blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 12 default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net https://*.intercomcdn.com https://*.datadoghq-browser-agent.com; font-src 'self' https://*.intercomcdn.com *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com http://*.outbrain.com blob:; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-uri /rest/trackers/csp; 12 default-src http: 'self' 'unsafe-inline' 'unsafe-eval' 112.2o7.net 247-inc.net *.247-inc.net adobedtm.com adsrvr.org adyen.com *.adyen.com amazon-adsystem.com amazonaws.com *.amazonaws.com analytics.yahoo.com api.bazaarvoice.com atdmt.com bazaarvoice.com bing.com bluecore.com *.bluecore.com braintree-api.com *.braintree-api.com *.braintreegateway.com btttag.com *.btttag.com cloudflare.com *.cloudflare.com cloudfront.net *.cloudfront.net columbia.com cookielaw.org *.cookielaw.org cquotient.com *.cquotient.com criteo.com criteo.net curalate.com *.curalate.com curations.bazaarvoice.com da.us.criteo.net demandware.net *.demandware.net demdex.net *.demdex.net doubleclick.net dstillery.com *.dstillery.com emjcd.com *.emjcd.com facebook.com *.facebook.com facebook.net *.facebook.net feedmagnet.com *.feedmagnet.com fit-predictor.net fls.doubleclick.net api2.fonts.com fonts.net fullstory.com *.fullstory.com g.doubleclick.net google-analytics.com google.ae google.at google.be google.bs google.ca google.ch google.cl google.co.cr google.co.id google.co.il google.co.in google.co.kr google.co.nz google.co.th google.co.uk google.co.ve google.co.vi google.co.za google.com google.com.ar google.com.au google.com.bo google.com.br google.com.bz google.com.co google.com.do google.com.ec google.com.eg google.com.hk google.com.mx google.com.my google.com.ng google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.sg google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vn google.cz google.de google.dk google.es google.fi google.fr google.hn google.ie google.is google.it google.jo google.lk google.lt google.md google.rs google.se google.sk google.tt googleadservices.com googleapis.com googlesyndication.com googletagmanager.com gstatic.com honey.io hotjar.com hotjar.io inmoment.com *.inmoment.com instagram.com joinhoney.com jquery.com krxd.net *.krxd.net *.lgw.io lgw.io locally.com media6degrees.com microsoft.com *.microsoft.com mountainhardwear.ca mountainhardwear.com newrelic.com nexus.bazaarvoice.com nr-data.net *.nr-data.net onetrust.com *.onetrust.com paypal.com *.paypal.com paypalobjects.com *.paypalobjects.com pinimg.com pinterest.com prana.com reviews.bazaarvoice.com assets.revlifter.io scene7.com *.scene7.com sorel.com sspinc.io *.sspinc.io tremorhub.com truefitcorp.com *.truefitcorp.com tt.omtrdc.net typekit.net *.typekit.net ugc.bazaarvoice.com us.criteo.com va.us.criteo.net vimeo.com vimeocdn.com yahoo.com youtube.com ytimg.com zdassets.com *.zdassets.com zendesk.com *.zendesk.com zopim.com *.zopim.com data: blob:; 12 default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline';report-uri https://metrics.media-amazon.com/ 11 frame-ancestors 'self'; report-uri https://www.couriermail.com.au/csp-reports 11 default-src https: data: 'unsafe-inline' 'unsafe-eval' 11 default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 11 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /opt/csp-violation-report.php 10 default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 10 default-src 'self'; base-uri 'self'; connect-src 'self' https://www.googletagmanager.com/ https://*.facebook.com https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://*.instana.io wss://mpsnare.iesnare.com https://*.usercentrics.eu https://api.personio.de/recruiting/applicant https://bat.bing.com/actionp/; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.instana.io; frame-ancestors 'self' https://www.meinestadt.de https://secure1.parship.com https://secure1.eharmony.com https://secure1.elitepartner.de https://*.parship.dev; frame-src https:; object-src 'none'; worker-src 'self'; img-src 'self' data: http: https: https://*.instana.io; font-src data: 'self' https://www.sovendus.com/banner-responsive/; style-src 'self' 'unsafe-inline' https://www.sovendus.com https://*.custhelp.com https://translate.googleapis.com; media-src 'self'; report-uri /ls/?reportOnly=true 10 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 10 font-src 'self' https: data:; report-uri https://o98504.ingest.sentry.io/api/5871000/security/?sentry_key=7d320f4323694d468bd1a75eba48d37f&sentry_environment=production 10 style-src https://*.americanexpress.com/ https://e3.insurance.online-eapp.com/ https://secure.cmax.americanexpress.com/ 'unsafe-inline' 'self' https://cdn.vivocha.com/ https://stackpath.bootstrapcdn.com/ https://fonts.googleapis.com/ https://cloud.webtype.com/ https://*.aexp-static.com/ https://cloud.typenetwork.com/ https://*.typekit.net/; script-src https://www.americanexpress.com.tr/ 'self' https://assets.delvenetworks.com/ https://cdn.taboola.com/ https://ds-aksb-a.akamaihd.net/ https://s.yjtag.jp/ https://www.cdn-path.com/ https://googleads.g.doubleclick.net/ https://cdn.smartnews-ads.com/ https://www.gstatic.com/ https://s.yimg.com/ https://js-cdn.dynatrace.com/ https://www.googleadservices.com/ https://*.hotjar.com/ https://aexp.demdex.net/ https://*.yahoo.co.jp/ https://secure.cmax.americanexpress.com/ https://*.ladsp.com/ https://d5phz18u4wuww.cloudfront.net/ https://img.en25.com/ https://accdn.lpsnmedia.net/ https://s.yimg.jp/ https://bat.bing.com/ https://*.omtrdc.net/ https://aa.agkn.com/ https://bam-cell.nr-data.net/ https://ads.avocet.io/ https://webgwy.neustar.biz/ https://va.v.liveperson.net/ https://unpkg.com/ https://acdn.adnxs.com/ https://cdnssl.clicktale.net/ https://*.bootstrapcdn.com/ https://c.evidon.com/ https://secure.leadforensics.com/ 'unsafe-eval' https://cdnjs.cloudflare.com/ https://assets.adobedtm.com/ 'unsafe-inline' https://use.typekit.net/ https://dsp-media.eskimi.com/ https://sp10056b1c.guided.ss-omtrdc.net/ https://*.d41.co/ https://*.liveperson.net/ https://*.vivocha.com/ https://script.crazyegg.com/ https://code.jquery.com/ https://www.cdn-net.com/ https://js-agent.newrelic.com/ https://*.exactag.com/ https://so.rlcdn.com/ https://dev.visualwebsiteoptimizer.com/ https://www.americanexpress.com.kw/ https://analytics.tiktok.com/ https://service.maxymiser.net/ https://ads.avct.cloud/ https://www.americanexpress.com.mo/ https://www.googletagmanager.com/ https://*.aexp-static.com/ https://www.youtube.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://tag.bounceexchange.com/ https://*.americanexpress.com/ https://e3.insurance.online-eapp.com/ https://cdn.appdynamics.com/ https://*.google-analytics.com/ https://ct.contentsquare.net/ https://nexus.ensighten.com/ https://mc.yandex.ru/ https://*.googleapis.com/ https://www.americanexpress.com.sa/ https://www.amexpressnetwork.com/ https://sc-static.net/ http://ajax.googleapis.com/ https://www.google.com/; base-uri 'self' https://www.aexp-static.com/; plugin-types image/svg+xml; form-action https://www.cdn-net.com/ https://www.facebook.com/ https://amexhk.chubbtravelinsurance.com/ 'self' https://www.axa-travel-insurance.com/ https://tr.snapchat.com/ https://*.custhelp.com/ https://global.americanexpress.com/ https://online.americanexpress.com.sa/ https://www.cdn-path.com/ https://gi.zurich.com.hk/; frame-src https://*.americanexpress.com/ https://icm.aexp-static.com/ https://cdn.appdynamics.com/ https://*.demdex.net/ https://www.youtube-nocookie.com/ https://www.americanexpress.com.qa/ https://player.vimeo.com/ https://um.ladsp.com/ https://www.cdn-path.com/ https://vars.hotjar.com/ https://www.cdn-net.com/ https://*.doubleclick.net/ https://www.facebook.com/ https://s.amazon-adsystem.com/ https://i1.vivocha.com/ https://va.v.liveperson.net/ https://www.americanexpress.com.kw/ https://youtube.com/ https://www.google.com/ https://www.youtube.com/ https://youtu.be/; img-src data: 'self' https:; connect-src https://amexhk.chubbtravelinsurance.com/ https://vid1029.d41.co/ 'self' https://stats.g.doubleclick.net/ https://*.vivocha.com/ https://*.custhelp.com/ https://script.crazyegg.com/ https://ds-aksb-a.akamaihd.net/ https://*.contentsquare.net/ https://www.cdn-path.com/ https://www.google-analytics.com/ https://ing-district.clicktale.net/ https://www.cdn-net.com/ https://functions.aexp.com/ https://s.yimg.com/ https://www.axa-travel-insurance.com/ https://dev.visualwebsiteoptimizer.com/ https://www.googleadservices.com/ https://analytics.tiktok.com/ https://bf93265vfe.bf.dynatrace.com/ https://*.aexp-static.com/ https://*.hotjar.com/ https://siteintercept.qualtrics.com/ https://online.americanexpress.com.sa/ https://images.trvl-media.com/ https://*.americanexpress.com/ https://secure.cmax.americanexpress.com/ https://dpm.demdex.net/ https://trc-events.taboola.com/ https://tr.snapchat.com/ https://lib-us-1.brilliantcollector.com/ https://bat.bing.com/ https://dining-offers-prod.amex.r53.tuimedia.com/ https://gi.zurich.com.hk/ https://bam-cell.nr-data.net/ https://www.facebook.com/ https://vc.hotjar.io/ https://aeopprodvip.acxiom.com/ https://c.evidon.com/ https://www.google.com/ wss://*.hotjar.com/ https://col.eum-appdynamics.com/ data:; object-src 'self' https://icm.aexp-static.com/; worker-src 'self' blob:; media-src https://origin-slgem.americanexpress.com/ https://www.aexp-static.com/ https://*.llnw.net/ 'self' http://production.smedia.lvp.llnw.net/; frame-ancestors 'none'; font-src https://e3.insurance.online-eapp.com/ https://www.aexpstatic.com/ https://fonts.gstatic.com/ https://use.typekit.net/ 'self' https://cdn.vivocha.com/ https://*.aexp-static.com/ https://cloud.typenetwork.com/ data:; 9 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 9 object-src 'none'; script-src 'none'; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 9 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com; 9 default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; img-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com data:; font-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com data:; form-action 'self'; frame-ancestors 'self'; 9 default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://app.vwo.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://cdn-sp.kertn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' localhost:40000 https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://cdn-sp.kertn.net *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://cdn-sp.kertn.net https://app.vwo.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 9 report-uri https://cspr.app.rbb-cloud.de/cspr/;frame-ancestors 'self' https://www.rbb24.de https://*.rbb-online.de https://www.radioeins.de https://www.fritz.de https://www.antennebrandenburg.de https://www.inforadio.de https://www.rbb888.de; 8 default-src https:; report-uri /csp-violation-report-endpoint/ 8 report-uri /report-csp-violation; upgrade-insecure-requests 8 default-src 'self'; 8 font-src *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.trustpilot.com *.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com https://maps.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.trustpilot.com https://maps.googleapis.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.googleapis.com *.google.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.trustpilot.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com https://maps.googleapis.com https://*.ingest.sentry.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 8 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com/ https://siteimproveanalytics.com https://koi-3qneci618a.marketingautomation.services https://ajax.googleapis.com https://koi-3qneci618a.marketingautomation.services https://tag.perfectaudience.com https://js.hs-scripts.com https://cdn.krxd.net https://beacon.krxd.net https://consumer.krxd.net https://cdn.krxd.net https://tag.simpli.fi https://code.jquery.com https://i.simpli.fi https://koi-3qneci618a.marketingautomation.services https://googleads.g.doubleclick.net https://snap.licdn.com https://tag.simpli.fi https://connect.facebook.net https://ajax.googleapis.com https://fws-weblink.com/api/ContactApi/Script https://code.jquery.com/jquery-3.4.1.min.js https://www.fws-weblink.com/api/ContactApi/Script https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://assets.ubembed.com/universalscript/releases/v0.178.1/bundle.js https://connect.facebook.net/signals/config/238169956748791 https://www.googletagmanager.com/gtm.js https://0ce1090bc3e344a4b7788246717cf06b.js.ubembed.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/482035107/ https://services.xg4ken.com/js/kenshoo.js https://static.hotjar.com/c/hotjar-1550586.js https://www.googleadservices.com/pagead/conversion_async.js https://www.google-analytics.com https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js https://acsbap.com/api/app/assets/js/acsb.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js https://cdn.segmint.net/segmint.min.js https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://prism.app-us1.com/ https://sitesearch360.com/cdn/sitesearch360-v10.min.js https://ssl.google-analytics.com/ga.js https://www.googleadservices.com/pagead/conversion_async.js; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css https://fonts.googleapis.com https://use.typekit.net https://use.fontawesome.com https://p.typekit.net https://cdn.segmint.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://use.typekit.net https://use.fontawesome.com https://p.typekit.net https://cdn.segmint.net https://cdnjs.cloudflare.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.fws-weblink.com/api/ContactApi/UploadFile https://www.fws-weblink.com/api/ContactApi/ValidateCaptcha https://www.fws-weblink.com/api/ContactApi/RefreshCaptcha https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.segmint.net https://cdn.acsbapp.com https://cdn.segmint.net; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://use.typekit.net; frame-src 'self' https://fast.wistia.net https://rcbut.secure.fundsxpress.com https://stats.g.doubleclick.net https://rblnj.secure.fundsxpress.com https://9206122.fls.doubleclick.net https://cdn.krxd.net https://bid.g.doubleclick.net https://9441832.fls.doubleclick.net https://connect.segmint.net https://zhnbam.secure.fundsxpress.com https://d1eoo1tco6rr5e.cloudfront.net https://insight.adsrvr.org; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://bcp.crwdcntrl.net https://82554.global.siteimproveanalytics.io https://beacon.krxd.net https://fast.wistia.net https://stats.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://www.fws-weblink.com https://78763.global.siteimproveanalytics.io https://www.facebook.com https://www.google.com https://1179.xg4ken.com https://www.google-analytics.com https://ssl.google-analytics.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 8 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/marketing_platform 7 block-all-mixed-content; report-uri https://dmgm.report-uri.com/r/t/csp/reportOnly 7 frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 7 default-src 'self' data: blob: *.verisign.com; img-src 'self' data: *.verisign.com *.siteimproveanalytics.io *.brightcove.com *.prod.boltdns.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com polyfill.io assets.adobedtm.com siteimproveanalytics.com players.brightcove.net *.zencdn.net *.verisign.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.prod.boltdns.net *.brightcove.com *.akamaihd.net *.greenhouse.io *.verisign.com; worker-src blob: 7 child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/ 7 report-uri https://reporting.go-mpulse.net/report/FDSGP-LEB9B-T8Y2A-5V5ED-9WX2T 7 default-src 'self' wdr.de *.wdr.de ; img-src * data: ; script-src 'self' wdr.de *.wdr.de 'unsafe-inline' 'unsafe-eval' cdn.bunchbox.co script.ioam.de *.de.ioam.de de-config.sensic.net cdn-gl.nmrodam.com www.bing.com cdn.ampproject.org cdn.tickaroo.com dev.virtualearth.net connect.facebook.net platform.twitter.com www.instagram.com www.gstatic.com www.tagesschau.de wdr.wdrmg-digital.de ; style-src 'self' wdr.de *.wdr.de 'unsafe-inline' wdr.wdrmg-digital.de *.tickaroo.com ; font-src 'self' wdr.de *.wdr.de data: fonts.gstatic.com/ ; media-src 'self' wdr.de *.wdr.de *.icecastssl.wdr.de wdrmedien-a.akamaihd.net wdradaptiv-vh.akamaihd.net *.akamaized.net blob: ; frame-src 'self' wdr.de *.wdr.de cdn-gl.nmrodam.com de-config.sensic.net www.youtube-nocookie.com platform.twitter.com datawrapper.dwcdn.net www.instagram.com www.facebook.com www.tagesschau.de *.tickaroo.com ; connect-src 'self' wdr.de *.wdr.de *.planet-wissen.de wdrmedien-a.akamaihd.net wdradaptiv-vh.akamaihd.net www.tageschau.de cdn.ampproject.org *.akamaized.net *.sensic.net *.tickaroo.com ; child-src 'self' wdr.de *.wdr.de blob: ; frame-ancestors 'self' wdr.de *.wdr.de ; object-src 'self' wdr.de *.wdr.de ; manifest-src 'self' wdr.de *.wdr.de ; report-uri https://www.wdr.de/php/csp-reporting/logcspr.php 7 default-src 'self'; frame-ancestors 'self' *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de; frame-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de streaming.talk42.de app.datawrapper.de datawrapper.dwcdn.net 'self'; style-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de https://cdn.leafletjs.com/leaflet/v0.7.7/ https://cdnjs.cloudflare.com/ajax/libs/leaflet.markercluster/0.4.0/ 'unsafe-inline'; img-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de data: 'unsafe-inline'; script-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de https://ssl.p.jwpcdn.com/player/ https://www.youtube.com https://s.ytimg.com/yts/jsbin/ https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/ https://vjs.zencdn.net/5.9.2/ 'unsafe-inline'; font-src *.bundesregierung.de *.bundeskanzler.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de *.g7germany.de *.germany4ukraine.de https://ssl.p.jwpcdn.com data: 'self'; media-src *.bundesregierung.de 'self'; 7 base-uri 'none'; report-uri https://vault.gostatera.com/collect/csp 7 default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 7 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://forms.hsforms.com https://static.hotjar.com https://wsv3.audioeye.com https://googleads.g.doubleclick.net https://js.createsend1.com https://cds-sdkcfg.onlineaccess1.com https://www.google-analytics.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://connect.facebook.net https://cdn.krxd.net https://beacon.krxd.net https://consumer.krxd.net https://code.jquery.com https://connect.facebook.net https://wsmcdn.audioeye.com https://wsv3cdn.audioeye.com https://stackpath.bootstrapcdn.com/ https://www.timevaluecalculators.com/ https://s3.tradingview.com https://cdn.jsdelivr.net https://fws-weblink.com/api/ContactApi/Script https://code.jquery.com/jquery-3.4.1.min.js https://www.fws-weblink.com/api/ContactApi/Script https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1/jquery-ui.min.js https://assets.ubembed.com/universalscript/releases/v0.178.1/bundle.js https://connect.facebook.net/signals/config/238169956748791 https://www.googletagmanager.com/gtm.js https://0ce1090bc3e344a4b7788246717cf06b.js.ubembed.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/482035107/ https://services.xg4ken.com/js/kenshoo.js https://static.hotjar.com/c/hotjar-1550586.js https://www.googleadservices.com/pagead/conversion_async.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js https://acsbap.com/api/app/assets/js/acsb.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js https://cdn.segmint.net/segmint.min.js https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://prism.app-us1.com/ https://sitesearch360.com/cdn/sitesearch360-v10.min.js https://ssl.google-analytics.com/ga.js https://www.googleadservices.com/pagead/conversion_async.js; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://wsv3cdn.audioeye.com https://www.timevaluecalculators.com/ https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css https://ajax.googleapis.com/ajax/libs/jqueryui/1/themes/blitzer/jquery-ui.css https://fonts.googleapis.com https://use.typekit.net https://use.fontawesome.com https://p.typekit.net https://cdn.segmint.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.timevaluecalculators.com/ https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com/ajax/libs/jqueryui/1/themes/blitzer/jquery-ui.css https://fonts.googleapis.com https://use.typekit.net https://use.fontawesome.com https://p.typekit.net https://cdn.segmint.net https://cdnjs.cloudflare.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hubspot.com https://zalywzdew6.execute-api.us-west-2.amazonaws.com https://analytics.audioeye.com https://api.hubapi.com https://www.fws-weblink.com/api/ContactApi/UploadFile https://www.fws-weblink.com/api/ContactApi/ValidateCaptcha https://www.fws-weblink.com/api/ContactApi/RefreshCaptcha https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.segmint.net https://cdn.acsbapp.com https://cdn.segmint.net; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://use.typekit.net; frame-src 'self' https://www.youtube.com https://rcbut.secure.fundsxpress.com https://wsv3cdn.audioeye.com https://bid.g.doubleclick.net https://cdn.krxd.net https://9441832.fls.doubleclick.net https://s.tradingview.com https://connect.segmint.net https://zhnbam.secure.fundsxpress.com https://d1eoo1tco6rr5e.cloudfront.net https://insight.adsrvr.org; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://beacon.krxd.net https://f.hubspotusercontent20.net https://forms.hsforms.com https://track.hubspot.com https://www.fws-weblink.com https://78763.global.siteimproveanalytics.io https://www.facebook.com https://www.google.com https://1179.xg4ken.com https://www.google-analytics.com https://ssl.google-analytics.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 7 default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 6 default-src 'self'; media-src https://static.zdassets.com; connect-src 'self' wss: https://protonmail.zendesk.com https://ekr.zdassets.com blob: https://account.proton.me https://reports.proton.me https://*.algolia.net https://*.algolianet.com https://go.getproton.me; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://static.zdassets.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; object-src 'self' data: blob:; frame-src 'self' data: blob: https://www.youtube-nocookie.com; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'self'; 6 default-src https: 'unsafe-inline' 'unsafe-eval' 6 script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 6 default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; img-src https: blob: data:; font-src https: blob: data:; frame-ancestors *.calypso.net.au *.flightcentre.com.au *.flightcentre.co.za *.flightcentre.co.nz *.flightcentre.co.uk; report-uri /api/csp-report; 6 font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net 'self' data: https://fonts.yieldify-production.com/fonts/100822/e6e8821f-e1ad-4601-aaed-5b3386a4580b.otf https://*.hotjar.com https://*.yieldify-production.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com pal-test.adyen.com http://www.facebook.com/tr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com app-wallee.com *.weltpixel.com www.jsctool.com https://odr.promo.dev/ https://*.yieldify.com https://ohws.prospective.ch/ https://tpc.googlesyndication.com/ https://*.hotjar.com https://www.mainadv.com https://ad.ad-srv.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net app-wallee.com d.ratepay.com 'self' data: *.gstatic.com http://lindt-hg65tr.your-printq.com https://*.cookiepro.com https://assets-v2.yieldify.com/images/189494/2022/4/8/55c67825-1f9d-438d-815a-43a437f03af2.png https://assets-v2.yieldify.com/images/189494/2022/4/21/54125dc1-8b51-4175-bd53-7d33e427cc41.gif https://www.lindt-spruengli.com/ https://px.ads.linkedin.com/ https://*.seznam.cz https://*.hotjar.com https://*.yieldify.com https://i.cdn.nrholding.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com app-wallee.com d.ratepay.com www.jsctool.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com https://static-eu.payments-amazon.com/checkout.js https://*.yieldify.com https://www.googleoptimize.com/optimize.js https://custom.yieldify.com/v1/100510/100822/3d9a49d0c2/bundle.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://api.permaleads.ch/api.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://api.permaleads.ch/ https://*.adform.net https://*.seznam.cz https://analytics.tiktok.com/ https://*.hotjar.com https://*.pinimg.com https://*.daktela.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com d.ratepay.com *.gstatic.com tagmanager.google.com https://*.hotjar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv d.ratepay.com www.jsctool.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com https://*.criteo.com https://*.hotjar.io https://cdn.stickyadstv.com https://api.permaleads.ch https://*.ads.linkedin.com https://snap.licdn.com *.analytics.google.com https://*.r66net.com https://*.yieldify.com https://*.hotjar.com wss://*.hotjar.com https://geolocation.onetrust.com https://*.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 6 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tag.brandcdn.com https://rw1.marchex.io https://js.locatorsearch.com https://ajax.googleapis.com https://adservices.brandcdn.com https://js.adsrvr.org https://s.thebrighttag.com https://s.btstatic.com https://cdn.monsido.com https://code.jquery.com/ https://cds-sdkcfg.onlineaccess1.com https://fws-weblink.com/api/ContactApi/Script https://code.jquery.com/jquery-3.4.1.min.js https://www.fws-weblink.com/api/ContactApi/Script https://maxcdn.bootstrapcdn.com https://assets.ubembed.com/universalscript/releases/v0.178.1/bundle.js https://connect.facebook.net/signals/config/238169956748791 https://www.googletagmanager.com/gtm.js https://0ce1090bc3e344a4b7788246717cf06b.js.ubembed.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/482035107/ https://services.xg4ken.com/js/kenshoo.js https://static.hotjar.com/c/hotjar-1550586.js https://www.googleadservices.com/pagead/conversion_async.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com https://acsbap.com/api/app/assets/js/acsb.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js https://cdn.segmint.net/segmint.min.js https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://prism.app-us1.com/ https://sitesearch360.com/cdn/sitesearch360-v10.min.js https://ssl.google-analytics.com/ga.js https://www.googleadservices.com/pagead/conversion_async.js;style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://static.ctctcdn.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://use.typekit.net https://use.fontawesome.com https://p.typekit.net https://cdn.segmint.net https://cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://widget.reviewability.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://use.typekit.net https://use.fontawesome.com https://p.typekit.net https://cdn.segmint.net https://cdnjs.cloudflare.com;object-src 'none';base-uri 'self';connect-src 'self' https://tag.brandcdn.com https://connect.facebook.net https://listgrowth.ctctcdn.com https://www.fws-weblink.com/api/ContactApi/UploadFile https://www.fws-weblink.com/api/ContactApi/ValidateCaptcha https://www.fws-weblink.com/api/ContactApi/RefreshCaptcha https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.segmint.net https://cdn.acsbapp.com https://cdn.segmint.net;font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://use.typekit.net;frame-src 'self' https://troybankandtrust.locatorsearch.com https://adservices.brandcdn.com https://9441832.fls.doubleclick.net https://connect.segmint.net https://zhnbam.secure.fundsxpress.com https://d1eoo1tco6rr5e.cloudfront.net https://insight.adsrvr.org;img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://stats.g.doubleclick.net https://px.marchex.io https://cdn2.iconfinder.com https://insight.adsrvr.org https://mycmcu.org https://insight.adsrvr.org/ https://ib.adnxs.com https://tracking.monsido.com https://scontent-iad3-1.xx.fbcdn.net https://static.xx.fbcdn.net https://www.juicer.io https://scontent-iad3-1.xx.fbcdn.net https://www.fws-weblink.com https://78763.global.siteimproveanalytics.io https://www.facebook.com https://www.google.com https://1179.xg4ken.com https://www.google-analytics.com https://ssl.google-analytics.com;manifest-src 'self';media-src 'self';worker-src 'none'; 6 default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 5 report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://images.ctfassets.net https://assets.ctfassets.net data: https://www.facebook.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://snap.licdn.com; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://b.stripecdn.com https://crypto-js.stripe.com; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-qAoigsbVsoqQigwSGiMYuTbAdza9vdqvOsA4UNSB54A=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-4HwZEt/y+k0EIqGfaNZ1MRmRCUbC03K3G03imkZ/EyA=' 'sha256-T9Iq7ZVmxSNDo0MtKOVaMklBUMHeY5FCy6zb50dqr28=' 'sha256-eNaGg+YMox6LtUAMUegc8RPYMvlgqKfr5wXhQq7t0rU=' 'sha256-wZuPHYh4ZQjvUR2vj5D9uhS7b+N5+LvMGh5urayd9U4=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com https://crypto-js.stripe.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 5 default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: https: blob: android-webview-video-poster: android-webview: chrome-extension: moz-extension: ms-browser-extension: about: 5 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::APROD_3_4_0 5 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/csp 5 default-src https: wss: 5 frame-ancestors 'self'; block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.nebula.zyxel.com https://cdnjs.cloudflare.com https://google-analytics.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://static.addtoany.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zyxel.com https://*.myzyxel.com;style-src 'self' 'report-sample' 'unsafe-inline' *.nebula.zyxel.com *.google.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net;object-src *.googlesyndication.com;child-src 'self' blob: *.addtoany.com *.googlesyndication.com *.google.com *.doubleclick.net;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com; 5 default-src https: 'unsafe-inline' data: 5 default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 5 default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; plugin-types application/x-shockwave-flash; script-src * 'unsafe-inline' blob:; report-uri https://content-security-policy.jobteaser.com/report 5 default-src 'self'; script-src connect.facebook.net media-cdn.ipredictive.com www.googleadservices.com static.ads-twitter.com www.googletagmanager.com www.google-analytics.com use.typekit.net snap.licdn.com js.adsrvr.org *.doubleclick.net analytics.twitter.com api.mqcdn.com www.mapquestapi.com cds-sdkcfg.onlineaccess1.com assets.sitescdn.net api.mapbox.com assets.contently.com s.ytimg.com *.wistia.com *.wistia.net kit.fontawesome.com *.akamaihd.net tag.simpli.fi i.simpli.fi ssl.p.jwpcdn.com content.jwplatform.com abm.emaplan.com answers-embed.synovus.com.pagescdn.com cdn.pdst.fm tag.demandbase.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src api.mqcdn.com api.mapbox.com assets.sitescdn.net *.wistia.com *.wistia.net 'self' 'unsafe-inline'; img-src * data: about: 'self'; font-src use.typekit.net api.mqcdn.com ka-p.fontawesome.com *.wistia.com *.wistia.net fonts.gstatic.com data: 'self'; frame-src *.doubleclick.net pixel-a.basis.net pixel.sitescout.com insight.adsrvr.org www.youtube.com assets.contently.com www.facebook.com match.adsrvr.org player.vimeo.com www.fintactix.com answers-embed.synovus.com.pagescdn.com *.wistia.com *.wistia.net www.googletagmanager.com 'self'; connect-src www.google-analytics.com *.doubleclick.net www.mapquestapi.com *.mapquest.com *.mqcdn.com *.mapbox.com track.contently.com *.wistia.com *.wistia.net *.litix.io *.akamaihd.net ka-p.fontawesome.com www.facebook.com videos-fms.jwpsrv.com prd.jwpltx.com content.jwplatform.com videos-cloudflare.jwpsrv.com cdn.linkedin.oribi.io liveapi-cached.yext.com answers.yext-pixel.com *.company-target.com *.google.com *.cloudfunctions.net 'self'; child-src blob:; media-src *.wistia.com *.wistia.net *.akamaihd.net blob: data:; report-uri https://csp-violations.synovus.com/csp-report 5 default-src 'self' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' *.assurance.com; worker-src blob: *.assurance.com; report-uri https://60ede17b9dc1b52ae71f0257.endpoint.csper.io; 5 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 5 object-src 'none'; script-src 'self' https://cse.google.com https://js.hsforms.net https://rebilly.github.io https://use.fontawesome.com https://ws.sharethis.com pagecdn.io platform.instagram.com platform.twitter.com; script-src-attr 'self'; style-src 'self' https://cloud.typography.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 5 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: p.typekit.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.onetrust.com *.riskified.com cdn.cookielaw.org *.yotpo.com dhv2ziothpgrr.cloudfront.net maps.googleapis.com maps.gstatic.com *.stats.paypal.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com s7.addthis.com *.avada.io *.onetrust.com *.riskified.com cdn.cookielaw.org *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.nr-data.net *.newrelic.com maps.googleapis.com *.optimove *.facebook.net *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com unsafe-inline *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net *.paypal.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.adobe.io performance.typekit.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://geoip-js.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.onetrust.com cdn.cookielaw.org *.riskified.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.nr-data.net *.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com *.optimove *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5 default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com blob: wss://*.hotjar.io blob:; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 5 font-src ctiapi.com s3.amazonaws.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com ctiapi.com *.hestage.com *.ecklers.com *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.doubleclick.net *.clarity.ms *.vantivprelive.com *.google.com *.listrak.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com ctiapi.com s3.amazonaws.com youtube.com *.ecklers.com *.unbxdapi.com *.gfycat.com *.imgeng.in *.cloudfront.net *.userid.io *.bing.com *.google.com *.clarity.ms *.listrakbi.com *.riskified.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com ctiapi.com *.unbxd.io *.cloudfront.net *.cloudflare.com *.bc0a.com *.online-metrix.net *.vantivprelive.com *.listrak.com *.listrakbi.com *.listrakbi.net *.userid.io *.bing.com *.datasteam.io *.doubleclick.net *.upsellit.com *.clarity.ms *.murdoog.com *.dwin1.com *.needle.com *.cardinalcommerce.com *.ccdc02.com *.braintreegateway.com *.ytimg.com *.gstatic.com *.ctiapi.com *.riskified.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com ctiapi.com *.fontawesome.com *.cloudfront.net *.listrakbi.net *.listrakbi.com *.googleapis.com unsafe-inline 'self' 'unsafe-inline'; object-src ctiapi.com s3.amazonaws.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com ctiapi.com *.bc0a.com *.unbxd.io *.brontops.com *.ecklers.com *.doubleclick.net *.cloudfront.net *.listrak.com *.clarity.ms *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.demdex.net *.cardinalcommerce.com *.google.com *.google-analytics.com *.paypalobjects.com *.ctiapi.com *.riskified.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://humanelement.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 5 font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com/ *.typekit.net/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com https://www.facebook.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com tst.kaptcha.com https://www.paypalobjects.com/ https://bid.g.doubleclick.net/ *.fls.doubleclick.net vars.hotjar.com cdn.krxd.net insight.adsrvr.org *.flashtalking.com *.amazon-adsystem.com *.optimizely.com *.google.com *.pepperjamnetwork.com www.xtento.com *.bounceexchange.com ids.cdnwidget.com *.weltpixel.com https://www.facebook.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com store.paradoxlabs.com cdn.cookielaw.org 'self' data: pt.ispot.tv bat.bing.com sp.analytics.yahoo.com google.com ct.pinterest.com facebook.com https://www.facebook.com/ *.amazon-adsystem.com *.doubleclick.net *.krxd.net www.xtento.com cdn.xtento.com *.bounceexchange.com *.bouncex.net *.cdnwidget.com pippio.com edge.curalate.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.execute-api.us-east-1.amazonaws.com *.maxmind.com cdn.cookielaw.org contentorigin.bazaarvoice.com google-analytics.com static.hotjar.com script.hotjar.com *.facebook.net bat.bing.com s.pinimg.com js.adsrvr.org s.yimg.com *.doubleclick.net *.g.doubleclick.net *.kruxd.net *.listrakbi.com *.listrak.com *.newrelic.com *.nr-data.net *.optimizely.com *.amazonaws.com *.ucarecdn.com *.krxd.net *.google.com *.gstatic.com *.pepperjam.com www.xtento.com cdn.xtento.com *.segment.io *.segment.com *.bounceexchange.com *.wknd.ai *.pages04.net *.appboycdn.com edge.curalate.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com unsafe-inline *.listrakbi.com *.bounceexchange.com *.bazaarvoice.com https://apps.bazaarvoice.com/ *.fontawesome.com/ *.typekit.net/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.mmapiws.com cdn.cookielaw.org s.yimg.com ct.pinterest.com google-analytics.com *.listrakbi.com *.nr-data.net *.optimizely.com *.pepperjam.com *.segment.io *.segment.com *.bounceexchange.com *.wknd.ai *.bouncex.net *.cdnbasket.net *.cdnwidget.com https://in.hotjar.com/ https://privacyportaluat.onetrust.com/request/ *.doubleclick.net edge.curalate.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5 worker-src 'none'; 5 default-src 'self' https: wss: data: blob: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 4 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.hollywoodreporter.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 4 frame-ancestors 'self' https://console.twilio.com;report-uri https://www.twilio.com/console/api/cspr 4 default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io https://api.infinario.com https://datainsights.loopia.se https://sc.lfeeder.com wss://*.hotjar.com https://www.google.com https://www.google.se https://www.google.be https://cdn.linkedin.oribi.io https://*.analytics.google.com;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data: https://*.ads.linkedin.com https://www.linkedin.com https://www.google.be https://fonts.gstatic.com https://tr.lfeeder.com https://googleads.g.doubleclick.net;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com https://datainsights.loopia.se;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com 4 frame-ancestors 'self'; report-uri https://www.dailytelegraph.com.au/csp-reports 4 form-action www.imperva.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: b.6sc.co adservice.google.com www.google.co.uk cdn.bttrack.com www.imperva.com fonts.gstatic.com *.googleapis.com bttrack.com bam.nr-data.net www.google.co.in js.driftt.com geolocation.onetrust.com ipv6.6sc.co *.linkedin.com www.google-analytics.com munchkin.marketo.net www.brighttalk.com cdn.linkedin.oribi.io jscloud.net *.adsrvr.org *.bidr.io www.youtube.com js-agent.newrelic.com edge.fullstory.com privacyportal.onetrust.com snap.licdn.com segments.company-target.com 727-wrl-406.mktoutil.com *.vimeo.com go.imperva.com www.googletagmanager.com c.6sc.co j.6sc.co cdn.cookielaw.org imperva.containers.piwik.pro 727-wrl-406.mktoresp.com *.doubleclick.net bat.bing.com rs.fullstory.com id.rlcdn.com secure.adnxs.com tag.demandbase.com; frame-ancestors 'self' ; report-uri /csp_report 4 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/domain-registry 4 object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports; 4 img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 4 report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self' 4 default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/particles.js/2.0.0/particles.min.js *.livechatinc.com https://pi.pardot.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://*.hotjar.com https://www.googletagmanager.com/gtm.js https://www.redditstatic.com/ads/pixel.js https://app.sealmetrics.com/tag/tags https://bat.bing.com https://connect.facebook.net *.googletagmanager.com *.nitrocdn.com https://code.jquery.com *.etracker.de https://go.hornetsecurity.com *.etracker.com *.google-analytics.com https://api.signalize.com; script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://static.hotjar.com *.livechatinc.com https://snap.licdn.com *.googletagmanager.com https://pi.pardot.com https://bat.bing.com https://www.google-analytics.com https://go.hornetsecurity.com https://script.hotjar.com https://www.redditstatic.com/ads/pixel.js https://static.etracker.com https://code.etracker.com https://api.signalize.com https://tags.srv.stackadapt.com https://static.ads-twitter.com *.etracker.de *.nitrocdn.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://app.sealmetrics.com https://www.facebook.com https://cdn.linkedin.oribi.io https://www.etracker.de https://bat.bing.com https://*.google-analytics.com https://stats.g.doubleclick.net wss://*.hotjar.com https://api.signalize.com https://*.hotjar.io https://tags.srv.stackadapt.com *.livechatinc.com *.getnitropack.com *.nitrocdn.com *.google.com *.google-analytics.com *.hotjar.com https://api.redirect.li; font-src 'self' data: *.livechatinc.com https://fonts.gstatic.com *.nitrocdn.com; frame-src 'self' https://www.facebook.com https://www.google.com *.livechatinc.com *.hotjar.com; img-src 'self' data: https://alb.reddit.com https://spamina.com https://www.facebook.com *.hornetsecurity.com https://bat.bing.com https://px.ads.linkedin.com https://www.google.com.np https://www.google.com https://www.google-analytics.com https://analytics.twitter.com https://t.co https://www.google.fr https://*.tile.openstreetmap.org https://www.google.es https://*.g.doubleclick.net https://i.ytimg.com https://www.google.nl https://www.google.de *.nitrocdn.com https://www.google.ru www.google.com.mt https://www.google.ga https://www.google.com.et https://www.google.com.hk https://www.google.co.kr https://ps.w.org https://secure.gravatar.com https://www.google.pt https://analytics.google.com https://www.google.ci https://adservice.google.com https://www.google.ch https://www.google.com.tr *.google-analytics.com https://www.google.se https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.youtube-nocookie.com https://www.google.at https://www.linkedin.com https://www.google.tn https://www.google.co.uk https://www.google.ca https://www.google.com.co https://www.google.it https://www.google.com.ec https://www.google.cz https://www.google.co.id https://www.google.com.ar https://www.google.com.br https://region1.google-analytics.com https://www.google.co.cr https://www.google.com.mx https://ssl.google-analytics.com https://www.google.mk https://googleads.g.doubleclick.net https://www.google.com.mm https://www.google.co.za https://www.google.com.mt https://www.google.co.in https://www.google.so https://translate.google.com https://www.google.com.pk https://www.google.com.ph https://www.google.com.pe https://www.google.cl https://www.google.com.ng https://www.google.lu https://www.google.ro https://www.google.com.ua https://www.google.com.pa https://www.google.be https://www.google.com.gt https://www.google.com.my https://www.google.com.au https://www.google.co.ve https://www.google.co.th https://www.google.co.nz https://www.google.com.bh https://www.google.co.tz https://www.google.hn https://www.google.pl https://www.google.com.gh https://www.google.ge https://www.google.dk https://www.google.gr https://pagead2.googlesyndication.com https://www.google.com.sg https://www.google.lv https://www.google.im https://maps.googleapis.com https://www.google.ie https://www.google.com.sa https://www.google.al https://www.google.ae https://www.google.hu https://www.google.fi https://www.google.co.il https://www.google.cd https://www.google.li https://www.google.bg https://www.google.si https://www.google.ba https://www.google.com.do https://www.google.com.pr https://www.google.com.sv https://www.google.co.ma https://www.google.com.uy https://www.google.kz https://www.google.hr https://www.google.com.cu https://www.google.no https://www.google.com.fj https://www.google.co.jp https://www.google.sk https://www.google.rs https://www.google.ee https://www.google.com.bd https://www.google.com.py https://www.google.tt https://www.google.com.eg https://www.google.com.cy https://www.google.md https://www.google.lt https://www.google.mu https://www.google.dz https://www.google.lk https://www.google.co.ke https://www.google.co.uz https://www.google.com.kh https://www.google.rw https://www.google.com.ly; manifest-src 'self'; media-src 'self'; worker-src 'self'; style-src 'self' 'unsafe-inline' *.nitrocdn.com https://cdnjs.cloudflare.com https://api.signalize.com https://tags.srv.stackadapt.com; style-src-elem 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://fonts.googleapis.com *.nitrocdn.com *.licdn.com; frame-ancestors 'self'; report-uri /wp-content/plugins/csp-report/report/; 4 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint 4 default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 4 frame-ancestors 'self'; report-uri /stf/reportiframe 4 default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 4 default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 4 font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net viewer.byondxr.com cdn.livechatinc.com mediacdn.espssl.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com pal-test.adyen.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://www.paypalobjects.com https://lindtusa.rlvs.co.uk https://ghirardelli.slgnt.us 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: p.typekit.net www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com *.listrakbi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com 'self' data: https://mediacdn.espssl.com/2824/Shared/Modal/chocolate.png https://www.linkedin.com https://*.linkedin.com/ https://px.ads.linkedin.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google-analytics.com *.adyen.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com byondxr-viewer.byondxr.com web-apps.byondxr.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.youtube.com *.livechatinc.com *.serverdata.net *.tiktok.com *.listrakbi.com *.listrak.com *.mczbf.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com *.listrakbi.com *.listrak.com unsafe-inline tagmanager.google.com *.gstatic.com https://cloud.typography.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com t.elasticsuite.io *.google-analytics.com https://vc.hotjar.io https://cdn.linkedin.oribi.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://axaxl.com https://eus-prd-f8372a898644-xp2-cd.azurewebsites.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://cf-images.us-east-1.prod.boltdns.net https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://id.rlcdn.com *.company-target.com https://company-target.com https://api.company-target.com *.demandbase.com https://demandbase.com https://tag.demandbase.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.fls.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.co.uk https://doubleclick.net https://bid.g.doubleclick.net https://match.prod.bidr.io *.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://vjs.zencdn.net *.newrelic.com *.nr-data.net https://bam.nr-data.net https://js-agent.newrelic.com *.brightcove.com *.brightcove.net *.media.brightcove.net *.api.brightcove.net https://secure.brightcove.com https://brightcove.com https://players.brightcove.net https://metrics.brightcove.com f1.media.brightcove.com https://edge.api.brightcove.com https://p.adsymptotic.com *.adsymptotic.com *.newscred.com analytics.newscred.com pixel.newscred.com t.newscred.com https://analytics.newscred.com https://pixel.newscred.com https://t.newscred.com https://img04.en25.com *.eloqua.com https://s754241824.t.eloqua.com; report-uri https://axaxl.com/cspviolation; report-to https://axaxl.com/cspviolation 4 default-src 'self' *.smartschool.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' c0.wp.com https://ssl.p.jwpcdn.com stats.wp.com use.typekit.net p.jwpcdn.com *.google-analytics.com; script-src-attr 'none'; style-src 'self' *.smartschool.be 'unsafe-inline' c0.wp.com; font-src 'self' *.smartschool.be *.typekit.net wordpress.com data:; img-src 'self' *.typekit.net pixel.wp.com *.google-analytics.com stats.g.doubleclick.net data:; connect-src performance.typekit.net stats.g.doubleclick.net; report-uri /csp-violation.php 4 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/verily 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.privacy-mgmt.com maps.googleapis.com www.news.co.uk uk-script.dotmetrics.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdn.privacy-mgmt.com *.tiqcdn.com unpkg.com uk-script.dotmetrics.net *.scorecardresearch.com *.google-analytics.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com fonts.googleapis.com use.typekit.net maps.google.com unpkg.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.scorecardresearch.com *.news.co.uk www.news.co.uk *.dotmetrics.net newsuk.s3.amazonaws.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.youtube.com *.vimeo.com *.brightcove.com cdn.privacy-mgmt.com; report-uri https://www.news.co.uk?gdsih-csp-report; 4 default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script'; 4 connect-src 'self' *.edenred.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com; font-src 'self' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' *.edenred.com https://cdn.cookielaw.org data: https://api.mapbox.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com; media-src 'self' *.edenred.com; object-src 'self' *.edenred.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com cdn.datatables.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com unpkg.com www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com cdn.datatables.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com unpkg.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://tagmanager.google.com cdn.datatables.net cdnjs.cloudflare.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; form-action 'self' *.edenred.com; frame-ancestors 'self' *.edenred.com; report-uri https://www.edenred.com/fr/system/reporting/csp_reportonly; report-to csp_reportonly 4 report-uri https://gfcorporate.report-uri.com/r/d/csp/reportOnly ; default-src 'self' www.gfms.com gfms.com gfcorporate.report-uri.com *.google.at *.google.be *.google.cz *.google.dk *.google.fi *.google.fr *.google.de *.google.it *.google.nl *.google.no *.google.pl *.google.ro *.google.ru *.google.es *.google.se *.google.ch *.google.com.tr *.google.co.uk *.google.com.ar *.google.ca *.google.com *.google.com.br *.google.com.mx *.google.com.au *.google.cn *.google.co.in *.google.co.id *.google.co.jp *.google.com.my *.google.co.nz *.google.com.sg *.google.co.kr *.google.com.tw *.google.com.vn *.google.bg *.google.hr *.google.ee *.google.gr *.google.hu *.google.lv *.google.lu *.google.mk *.google.pt *.google.rs *.google.si *.google.com.ph *.google.co.th *.google.com.eg *.google.co.il *.google.co.za *.google.ae ; connect-src 'self' *.google-analytics.com apikeys.civiccomputing.com maps.googleapis.com center.lon5.atomz.com clapi.civiccomputing.com sp1004e61f.guided.lon5.atomz.com sp1004e61a.guided.lon5.atomz.com sp1004e5dd.guided.lon5.atomz.com stats.g.doubleclick.net www.facebook.com uberall.com api.moin.ai www.gfpstools.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ; font-src 'self' fonts.gstatic.com widget.moin.ai static-prod.uberall.com static.prod.uberall.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com ajax.googleapis.com cc.cdn.civiccomputing.com connect.facebook.net cdnjs.cloudflare.com gstatic.com maps.googleapis.com siteimproveanalytics.com snap.licdn.com static-prod.uberall.com uberall.com www.youtube.com www.pagespeed-mod.com www.googleoptimize.com mktdplp102cdn.azureedge.net www.pagespeed-mod.com widget.moin.ai r1.dotdigital-pages.com r1-t.trackedlink.net r1.ddlnk.net ; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com widget.moin.ai ; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: assets.georgfischer.com www.linkedin.com *.global.siteimproveanalytics.io nswow-imageresizer.azurewebsites.net px.ads.linkedin.com www.facebook.com *.google.com gfms.com www.gfms.com static-prod.uberall.com static.prod.uberall.com www.linkedin.com s7e5a.scene7.com *.g.doubleclick.net 38e76c47ade744b48fc12ad21059e592.svc.dynamics.com i.ytimg.com maps.gstatic.com www.gfpstools.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ; child-src 'self' analytics-eu.clickdimensions.com live.solique.ch www.youtube.com ; form-action 'self' ; frame-ancestors 'self' ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: analytics-eu.clickdimensions.com google.com ir.tools.investis.com irs.tools.investis.com live.solique.ch recruitingapp-5505.de.umantis.com registration.gesevent.com six-swiss-exchange.com tools.google.com uberall.com widget.moin.ai 38e76c47ade744b48fc12ad21059e592.svc.dynamics.com www.gfps.com ir2.flife.de www.youtube.com r1.dotdigital-pages.com youtube.com ; 4 font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.affirm.com *.affirm.ca *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com/ *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.maxmind.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.mmapiws.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://*.gigya.com https://consentcdn.cookiebot.com https://*.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.sharethis.com *.gigya.com 'self' data: 'unsafe-inline' data: https://*.gigya.com https://www.google.it https://bam.nr-data.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com https://legals.paninigroup.com https://*.cookiebot.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.addthis.com https://*.facebook.com https://*.addthisedge.com https://*.moatads.com https://*.recaptcha.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://legals.paninigroup.com https://stats.g.doubleclick.net https://*.facebook.com https://bam.nr-data.net https://*.addthis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval' 4 default-src 'self' *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.lt google.it *.google.cz google.cz *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleapis.com googleapis.com *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.cz sharp.cz *.sharp.eu sharp.eu *.sharpmarketing.eu imgs.aws.sharp.eu *.actonsoftware.com cdn.cookielaw.org stats.g.doubleclick.net bam.nr-data.net; script-src 'self' 'unsafe-inline' *.googletagmanager.com googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.youtube.com youtube.com bam.nr-data.net js-agent.newrelic.com cdn.cookielaw.org *.sharpmarketing.eu *.gstatic.com *.hotjar.com snap.licdn.com bat.bing.com; style-src 'self' 'unsafe-inline' *.sharpmarketing.eu; img-src 'self' data: *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.lt google.it *.google.cz google.cz imgs.aws.sharp.eu i.ytimg.com d35hoao4dw4qk2.cloudfront.net www.google-analytics.com *.sharpmarketing.eu *.actonsoftware.com px.ads.linkedin.com bat.bing.com px4.ads.linkedin.com www.google.co.za www.google.bg googleads.g.doubleclick.net www.google.gr; frame-src *; frame-ancestors 'self' *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.sk sharp.sk *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.hu sharp.hu *.sharp.lt sharp.it *.sharp.co.jp sharp.co.jp *.sharp.cz sharp.cz *.sharp.eu sharp.eu; child-src *; font-src 'self' data:; connect-src 'self' bam.nr-data.net cdn.cookielaw.org stats.g.doubleclick.net privacyportal-eu.onetrust.com *.sharpmarketing.eu *.hotjar.com vc.hotjar.io bat.bing.com; report-uri https://apps.sharp.eu/sharp/apps/eu/csp-violation/report.php; upgrade-insecure-requests 4 default-src 'self'; report-uri /o/csp-report; img-src 'self' data: https://6047320.global.siteimproveanalytics.io https://p.typekit.net https://eu2.snoobi.com https://6047338.global.siteimproveanalytics.io https://yt3.ggpht.com https://i.ytimg.com https://www.youtube-nocookie.com https://*.twimg.com https://*.global.siteimproveanalytics.io https://www.google-analytics.com https://platform.twitter.com https://syndication.twitter.com https://data.reactandshare.com https://www.facebook.com https://connect.facebook.net https://www.googletagmanager.com https://www.gstatic.com https://translate.google.com https://image.slidesharecdn.com https://public.slidesharecdn.com https://maps.gstatic.com https://*.googleapis.com https://*.vimeocdn.com http://pbs.twimg.com https://maps.google.com https://pbs.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com https://eu2.snoobi.com https://use.typekit.net/ https://cdn.datatables.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.reactandshare.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube-nocookie.com https://www.google.com https://*.google-analytics.com https://www.googletagmanager.com https://*.siteimproveanalytics.io https://siteimproveanalytics.com https://*.soundcloud.com https://www.youtube.com https://cdn.syndication.twimg.com https://data.reactandshare.com https://www.facebook.com https://connect.facebook.net https://www.google-analytics.com https://translate.googleapis.com https://public.slidesharecdn.com https://maps.googleapis.com https://*.vimeocdn.com https://code.jquery.com https://maps.google.com https://eu2.snoobi.com https://analytiikka.ahtp.fi https://www.sttinfo.fi https://js-agent.newrelic.com https://widget-telwin.getjenny.com https://rewidget.jrc.ec.europa.eu; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.youtube-nocookie.com https://platform.twitter.com https://*.twimg.com https://cdn.reactandshare.com https://translate.googleapis.com https://public.slidesharecdn.com https://*.vimeocdn.com https://code.jquery.com https://cdnjs.cloudflare.com;font-src 'self' data: https://use.typekit.net/ https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.reactandshare.com https://www.google.com https://public.slidesharecdn.com https://cdnjs.cloudflare.com; frame-src 'self' https://platform.twitter.com https://youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://syndication.twitter.com https://www.slideshare.net https://player.vimeo.com https://www.google.com https://fimeaweb.fimea.fi https://hkp.maanmittauslaitos.fi http://fimeaweb.fimea.fi https://www.sttinfo.fi https://dreambroker.com https://www.ratiopharm.de; connect-src 'self' https://platform.twitter.com https://www.google-analytics.com https://data.reactandshare.com https://www.youtube-nocookie.com https://cdn.reactandshare.com https://youtube.com https://www.youtube.com https://syndication.twitter.com https://data.reactandshare.com https://siteimproveanalytics.com https://*.siteimproveanalytics.io https://www.google.com https://translate.googleapis.com https://www.slideshare.net https://region1.google-analytics.com https://maps.googleapis.com https://spc.fimea.fi https://maps.googleapis.com https://analytiikka.ahtp.fi https://widget-telwin.getjenny.com; 4 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://draft.blogger.com/cspreport 4 child-src 'self' blob: https://youtube.com https://www.youtube.com https://plusone.google.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://facebook.com https://connect.facebook.net https://platform.twitter.com https://bat.bing.com https://sdk.privacy-center.org https://bam.eu01.nr-data.net https://www.clarity.ms https://d.clarity.ms https://*.doubleclick.net https://tr.snapchat.com https://servedby.flashtalking.com https://insight.adsrvr.org https://vars.hotjar.com; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com s7.addthis.com; script-src-elem 'self' 'unsafe-inline' walibi.fr https://apis.google.com https://www.google.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com https://service.maxymiser.net https://snap.licdn.com https://t.contentsquare.net https://youtube.com https://www.youtube.com https://plusone.google.com https://www.gstatic.com https://facebook.com https://connect.facebook.net https://bat.bing.com https://sdk.privacy-center.org https://bam.eu01.nr-data.net https://*.clarity.ms https://cdn.goldenbees.fr https://tag.goldenbees.fr https://sc-static.net https://js-agent.newrelic.com https://api.ipify.org https://s.pinimg.com https://js.adsrvr.org https://insight.adsrvr.org https://static.hotjar.com https://script.hotjar.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com s7.addthis.com 4 default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 4 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.newrelic.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com 'unsafe-inline' *.sessioncam.com 'unsafe-inline' *.adyen.com 'unsafe-inline' *.google.com 'unsafe-inline' *.gstatic.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval'; font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline' *.facebook.com 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.force.com nestle-forms.cs.blip.ai *.facebook.com data: *.adyen.com 'self' 'unsafe-inline'; img-src * 'unsafe-inline' data: widgets.magentocommerce.com *.sessioncam.com s.ytimg.com data: *.adyen.com *.google.com 'self' 'unsafe-inline'; script-src *.evgnet.com *.salesforce.com *.doubleclick.net *.facebook.net *.force.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleadservices.com s.ytimg.com www.youtube.com *.adyen.com *.google.com google.com *.gstatic.com *.newrelic.com 'unsafe-inline' 'unsafe-eval' *.nr-data.net 'unsafe-inline' 'unsafe-eval' *.sessioncam.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.force.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net *.google-analytics.com *.nr-data.net ws.sessioncam.com ; child-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; 4 default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 3 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl 3 require-trusted-types-for 'script';report-uri /_/Gstore/cspreport 3 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3 default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';connect-src http://localhost:3103 *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com wss://*.messenger.com www.messenger.com www.google-analytics.com wss://*.messenger.com:*;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 3 default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; connect-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: https://sentry.eff.org/api/2/store/; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 3 script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 3 default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com wss://*.hotjar.com wss://*.qualified.com 'self'; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=wufoocms 3 default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error 3 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 3 object-src *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 3 connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://portfolio.adobe.com/api/v1/errors/csp 3 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3 default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 3 default-src 'self' https *.wistia.com *.wistia.net www.google.com stats.g.doubleclick.net; script-src 'self' 'unsafe-eval' *.prismhr.com *.marketo.com *.clickagy.com cdn-cookieyes.com snap.licdn.com bat.bing.com/ snap.licdn.com connect.facebook.net ws.zoominfo.com connect.facebook.net/ *.google-analytics.com organizer.bizzabo.com/ www.googletagmanager.com tagmanager.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.wistia.com *.wistia.net src.litix.io js.hs-scripts.com js.hsleadflows.net js.hs-banner.com js.hsadspixel.net js.hubspotfeedback.com js.usemessages.com js.hs-analytics.net js.hscollectedforms.net js.hsforms.net js-na1.hs-scripts.com forms.hsforms.com script.hotjar.com static.hotjar.com/ munchkin.marketo.net/munchkin.js ucarecdn.com/ 'sha256-LXwTDpwi968mVXZZJmujKxtgLXF2cxedS6Fan4mlVzQ=' 'sha256-1CXGdeUws6J409ole2CXuaFQQcFx7phA2AHXu2Z8+w8=' 'sha256-+fbwxqMv4YsLr5E9sQ2ZHzY/HSl8ahOenzrsxyuu4zU=' 'sha256-iYXZX/FhbpYBQjhePZwuHAdx5BenY+hY7JQNq8qEQ1U=' 'sha256-cfBANNI0HPDg3MgYdaHVJFppOVcW4sRHAwl8A7qZz9A=' 'sha256-q2tCjVvOkso5aY92hcEpy98YTEgzE97piErutf/lRjQ=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-K9z9N/mWUXlBOfu1WzJ/TKBHbPCkcmOh0RmtcjEOVJY=' 'sha256-KyaSZZGTdllTK2+QkLrl0nn9sz72tp/76zCxR2+H7X0=' 'sha256-xPPbKQPYb3HDg6dTwsuC7y6bsAg+Je8+Yhv1BgFUgiE=' 'sha256-+0IHPBVeiniuVZik9FazPt1fh0isDlZLc5UaibO/nBQ=' 'sha256-NfLcffFVziWSCSOoflHBqjBe6cqLXDf2ff6kBws0Vo4=' 'sha256-LC1RNvDph5nY5+YQ280f5s1UgzsEOyKrwn4Owb2vfqM=' 'sha256-qdxmeMS5jMmgKastCN3HmtlWcEniDaRmN/BF5XXDfY4=' 'sha256-URuIdNMEFAobQa/7Ff0flZmOUxZrJNc1ZoBZEMnagMo=' 'sha256-WatJ6N9Z0ZNqCwWCvoScLjeWm5ho+eo5Z59PTWPNE2I=' 'sha256-q2ekAPLa4+LG/nv54ftqH3SYIPFFlTvK/eNoexLUfxA=' 'sha256-PhiFez0dsuJMUmoJG6y1umlBELqHPwErQgws4Iy5Ayc=' 'sha256-NdG9xxF7KgIqvziBj3zt1TJsRGzsUxmPwTX6NFGIWcw=' 'sha256-lpND0P8OLgT75svm8kAku5TWK6/ZbQ0KVqexscACzpI=' 'sha256-b1hfLPnu5Y4V7Ek/KhD62+dS5TNq5z6SCR+v0MNSWV4=' 'sha256-DXQHKisvQGbmCr50/XpxG4ATAZdf3honRaCQo6yBhFg=' 'sha256-5qQyor8hlsh7vnYIWLBllms/LwWmX5jZBoXTBrkBTlo=' 'sha256-+i2Cfa7KqazHElNJ3xtWNgMhvcw0C8YYjcvF7ItLFDA=' 'sha256-fU99SySpnzOGa+PLLk43ThTYdgZgHBgIjRaTj/Gpbt8=' 'sha256-RkZsy3shBk+8V+K/Y/fwkdc4GionGZrGGIHmclg4Dd8=' 'sha256-7hDIsPeBLam+M9mzTZTxGtquFLSP9bdgGP0ZcZaicYM=' 'sha256-eRirQip4EunrV+DKNx+gmuenN+dmEoECPPXBlRA9XbI='; style-src 'self' 'unsafe-hashes' 'sha256-ko/6g2/DJFfyxXUZlcXNJ2KV9LnU1rb4XLXRiRKL6OM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-8vip8assuhkLqgmoNmuCZZ1CB1sNpU9eYlyhehJsdiw=' 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc=' 'sha256-C7VcxqNsf3kOIfhmGF+ghNp6SJ9dpLET4BqThByvqPk=' 'sha256-F9NZHGE7DqjK4szz06Ijrb43PeVe1koNzS4yNkbAUSs=' 'sha256-JyCJ6ZZTV5uYG6rFk9V5g2xnONEgHcTb0bykLClbiZs=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-7G0QMoZO6/OwOzJw8I71Kx5EEOGzH0HUTH1p6PZfTL4=' 'sha256-kTN8nch3/KpPyVARcSmLZIFfIkdQPnfkOS/7dBCR3U0=' 'sha256-EKaiSN6XMhgBkAvYthlpOPsmkwthSa+/nX+aB15CCuQ=' 'sha256-eSPXhIiqz7DrMXY4ZkulN7eMq0t6jjWfo9zIdux/Tuo=' 'sha256-RVUzT5WQgKUiRfwfZ5/d8nxqNBcGWoYqAQp72N/cCqE=' 'sha256-DtQrSFe0SAS3sbri81u+rrlApAE9YzgGXOzyES//dTY=' 'sha256-SQpfyqmMkr0cBrAo/pHMDa/sgfsLLuHnvr1p5sUAjoo=' 'sha256-F5gPP5eEpwaC58tIMVYk2qxMEECy7KIDJDkWMP0uk9Y=' 'sha256-386hq/GVL4nUzKoaPHnBoNByobscqLLCMMZ4aQswe0w=' 'sha256-CvB7LSTUTZkk7fpGRUGJjLpJTQp8GiqAmdpaN2U3rUY=' 'sha256-+IUGMGnZl2MT4r9kzUgwEh1TH/+rckIys31TgmU3bZI=' 'sha256-/3iBDoTcTU4nvxE4oe52Rlj/cgZnLw9S0d+R3bS9Hwo=' 'sha256-uRMdHM7vovi6FJd/j2Ic4/W6o4XN0ljYNmv+QNPLfLA=' 'sha256-UMuXBw4mj+cFNXfR4BQkDwItenFBm16nCFFGjEAL+PE=' 'sha256-TkUNb1+gnvyLEp5Cars9MxQEZrBO5mrUDDaN0Q/KQZQ=' 'sha256-8Cr6x47c4mQsArripi60PtXx5DsmiCp4JhF8lKjqeB4=' 'sha256-0iUGGQtR24cuia8qbz2Da2ICqGNm+kOcRYz8wudFo6M=' 'sha256-7tsch4b1kS1pWOkf0KLsa5DywsIerc2uNJ38r8WNi+Q=' 'sha256-qaGvM9a4Efh6yj2uMlbCjzF1ZKc6dNF4tdx0hmt82wk=' 'sha256-s6IpehL1Dcfvbn/QY1MA4otfjj+O7fzMbbfi7Qc6pmA=' 'sha256-MHhGBPWfOIPq6nwuNmWyesd3v3BHNY29D2u9igXixXc=' 'sha256-4yxJy+S3Wm3MOkgCl6tXyQu0D3hZqdpdjyQkDUKOVNM=' 'sha256-QRT1i8jVNWIigIhDTm0EoebAwc1Od5EhA3BJTCrGihI=' 'sha256-MlIaULLWE6JQSlx/GfLfMU30dZtVgsABuMZkWUC0QYs=' 'sha256-xtBTXDWyuT8LlCWBGwzOyXcCAgnLaWCCm61L6p3l/2g=' 'sha256-7YxZjqgD/pE+dM1CMFFeuqfzrw5kL6AzVXgC130wbtc=' 'sha256-AQbXynQM47LDY4FHSYVNTgwJAU89bxLN+wKCjA9OAus=' 'sha256-6EANf3q7TA3PzDpgLK8msCpC3+5Oq9al9X2vFTn/4Zo=' 'sha256-bHAPExDmWqi/fxjdc9lPmn4LpUPmhleCmHGfhKZHh74=' 'sha256-7OrMh3TL3D8zoIVfecFAncU5RnCoP/WhQ/3mSVnE7nk=' 'sha256-E7Hku/ijG5OQSCVobD1xJdjiXcepi0Z9PkExHw1SX+Q=' 'sha256-3kXDSUzoOb8j6BEFGEuHtQbMSxLthfpCZrE/GEGVO5g=' 'sha256-hbON2lWz1tjgHhF/cPp0kFPn9If8VW0+RmKSnlePVKs=' 'sha256-KhManPGwvpgQGuVoy3byA/0Z9AaEPqI2PcD6BRagUxY=' 'sha256-t74oi3zBLgx39dP/nvCpnvjxCgIsrLyqp/1yDfpKv6o=' 'sha256-tIs8OfjWm8MHgPJrHv7mM4wvA/FDFcra3Pd5icRMX+k=' 'sha256-XrFPGCyB7yc9GtPQahs3IIMDf9FIrvMr3sI+aGE6nBk=' 'sha256-Shgxran2tltpotlX2VdsREPuRcqHOmZae0L8wVy60uk=' 'sha256-WMNA9W1eXxrQ5HkK6OuzOeTLcWSSJkiuwLElQdy7bZc=' 'sha256-Fxd3NTnpzIbGlm62dC/KuEJP/Tkw3XI6Hef8/zyWOTQ=' 'sha256-gKQC5QHkHI+fePH16e5b5iFN8P+YG4sdepxMH4zlxw8=' 'sha256-LIS20LjTJ72lvOCwpQNgKT20q047tYAElcdHEmhELq0=' 'sha256-X86m2Bt20duEYef007njcoSbT9xGCRBl04eDqymwPeU=' 'sha256-EOk2h4m/EyL2JzhtPSfU1+Cqtp0FxcVWkAS78EgDGWE=' 'sha256-GbCw3yPp8SzhoGg7peZPoEf2KaCXkx/y0r0KOTxicOs=' 'sha256-gn2pg1Z73aQVveIvqYzRjseF3vDs8y4t6EL1XB3xnBU=' 'sha256-M+lNrnXYKaRRrXepA/REG2Tl9+jXaSYu+uF4HUrQ1y4=' 'sha256-u6eUPYw5RI8koZUKffZqVsxB/58pvg0oFVx29Oc6CzY=' 'sha256-yuBd/IMgnp2L6IerzdqlrDYHWpJkTc59ka8QhVgO53k=' 'sha256-1YwXVkZRLTUPgNqN7uqm8OmiGxuyL5YekR0jW4RW6RE=' 'sha256-JamKOmpIVQSPv+gDrYtzbxnVclnrvhrOMLmA+WaGPIE=' 'sha256-gYvHiq5cdWpyENNe1ipniN/cLM3qRa8BhFtIgds9GZI=' 'sha256-VGPusKCrPh/Xc2nahn1ainWaV7KrbYaIkqKj+Zf3DU0=' 'sha256-aAX7cSrmkxpuTgFjFo/MRRBSrJ6lIg/Cpobb8VLwToE=' 'sha256-fL+TxL7XurPi7JNZY5w0wpvfE3ke+lRtLI5dr872k7I=' 'sha256-mh+iqoqJLQJXIpSFq8qjCkgeWyVM9NPyLt2F2lvgQRQ=' 'sha256-ngBcKWkQgpLYk+WfOwMMj5us8VF8lb8ktZjNBd5q3Og=' 'sha256-7T6jACQYyhiZ59VNT2ss0Bfq0PFUm2Spk/d2S/FasY8=' 'sha256-AbWGQ7r+EphQRE++OMoRypoigGNNDNC+cipXzGlTsrs=' 'sha256-j05t8tgqfvHt6egElzZiXPamPKztS3HuwhO94X0eFQk=' 'sha256-Lf8ADQHYqgIs2fqoG7aEObDivXdapy5Tml+MptlMCC0=' 'sha256-PA6jWESuuM5/L4GEN7yEglCsNvf+fq7NyywBEuq1bT4=' 'sha256-th8P6toTVzBtY5Wqgumyk9kqkdVLipSWo6/6eMfUDVo=' 'sha256-VWkG3rR92tqWKwxTi7FGCwo0s3+n19OMWDS2+QN0eiU=' 'sha256-xyTK0RZPoz9Wm/QIDqx4Ct2VOeWrE5wcxHiS7npelxk=' 'sha256-btHIhGCe6QA2cjpVFSaGaQuMgjjPk1LtZTzyPKhbWL8=' 'sha256-XnM8CCTzDk9KAN79nyd9ODaP6jyuv8ZYirdLukuH72I=' 'sha256-uxM8FjwkY9KKYXe9raDn/37GUPrRY7lsHXW9h30GkpM=' 'sha256-agWbS1aVZUWGmIevDG7z2UzvYlMZvsXEj6WrpeeyEO4=' 'sha256-hE7yiZ4SBrgc2jzC1qXiQW+fKAxgW5j3LKWDQ4WrvcA=' 'sha256-pg9OVNEconaMsm4twMn2i67bXBG7hXd/rB7M2erceiA=' 'sha256-syrmDASEqH2pK5NA5nF3SJafCRi6tCfAPTvdfn9bdXo=' 'sha256-xP0OLtWAwuPvFarYO9r/AEXiU0qGGMapQ8EbTvjq0bA=' 'sha256-mQt3wX9HVDJuX8VtjXJxBaOGhzwADQkSDdmblUgj5nI=' 'sha256-Qcoo7WaXiqq0jNZbx7GXs3ib4jmcMbmx7gj7Ai1miTI=' 'sha256-rUy3S6LHIaB6C3T8c3mX3THtC6phnF8Vwkc2w/Yodjs=' 'sha256-9BiebAFXhNFtLzWIamBhg/+2TVpUA2aHKZGuIW+LiVY=' 'sha256-9Y069FTelG6x800tM6GCc5P4dPh5e+8EbiiMWJx/jSU=' 'sha256-BeHko5oaK0Qzo4A9h0oaDxmIgnDo5VRVs7Jd1QCsbG8=' 'sha256-CbBR/kTIj7ERLV6b++uuYRbC6IDRnO4d8kPAVv2yq0Q=' 'sha256-gkvUWZOa8yzk+ru4vZy0C91Bub5yTXJpoc4GdvFXBRc=' 'sha256-n+GLbRcUzYhdm0wsfvrp3wtBu/XPS+Wp5hXL39UA6oc=' 'sha256-NV51liJZAXsbth1BfTtTnceCkaOTzEBaJxsjPABraDI=' 'sha256-RFZdAVEYymKsNBNqlj2j2dXszggAfQybaHSkMkGiTqg=' 'sha256-v1SphnIfnBtQQ8aNSoVZpA1ipiJ3sUMBXDtvxQWfzzI=' 'sha256-Wi3+8jbn12vus9Oq4FOqEUCOpuRG3clBaVvLZZ2b9Fs=' 'sha256-DGJ3uGtmIBSR5xdl/Yqa9SIy+OM9P16OOJeV5THQyLk=' 'sha256-XJdpzzejv1Hk61Um/Ozfb6V+3eqkxj30hRzqo6ZjRlI=' 'sha256-Xjz2BeNc7kmuRybBO7yyz5bHt2+F2N2yunk9tsnQYzI=' 'sha256-ZZSDNlPjOa1TyMbkg5Jjm1o4otOYyK/6QZJ6litnIA0=' 'sha256-/2+kasB7deprS+tjZrGVASgiiQ7eVPYUsUsBkmL0IVk=' 'sha256-05vJuiuQKDHg3XFU9MwW1FzsI56eDFjIQWON6MflTjo=' 'sha256-F6Aj001RQm6RN++aAKLxM/Nfl+t1CxOfsbZjaiZom0E=' 'sha256-gJhOOBjBsXuFWvbI+J3P9NjRuQgsjoIiZ5NHcn+tfaA=' 'sha256-P7rgJtjpDT6+xoqDW7Q4maEjlcxcpH7NwKVT0vh5B08=' 'sha256-RTCwWtvszHUqzsxcGAQyjkJTcig8yz+LZ3LQ14JOOgE=' 'sha256-xlQMNaHTM54kKlH1ZnPVJmtfswTraCLsuc4nmEeGbPo=' 'sha256-+/A0zMvId0scyUEj76cNV/QnrwEnS5kXBhzYEgT1elM=' 'sha256-0gW5r7IBUrr0z2M7E/ChibJ9XLpnh5PKtMaoKRD27/I=' 'sha256-80I6QJlKCBNvmh/+q4Go2SEZ9RJ2mKF/dnz7P4SOkNg=' 'sha256-AkGc/9SiOd74zk72UnCdLs+k10sM4iy2uKmgoXkaHe0=' 'sha256-BbIwxCAg2oA7AfYQsQbNwR8TawA9zbHvecWaoK18iX4=' 'sha256-ePvchMbIjY+A4jaY9U3td5WaXtAiNaVNQrU+MU3pQnA=' 'sha256-eXQbyB8YxZkWD5epgriI5Aoh333fjv618WjVSFU6Fbg=' 'sha256-fuRkCvg6IfeKrT7RU76gAp4b1/b38ZX6Pmi4Vfp8CSg=' 'sha256-g9dZL0fGgNsKZVF0S6MCxJ6OMvhTmQFLJdwUsrk+8eE=' 'sha256-h/w0jfFtxvn07+6hPKXqLLWumXWGxIED9Y+MOEQf+cU=' 'sha256-iUmC79jn8eGA5iVqmOuLvDlg4AlUFU2AxSNoSLsNnRA=' 'sha256-jJ7+WNuaQ5UF6bDMcDuhPgn+f1/j49oCbNUA05Ob5d4=' 'sha256-JwIj2XrzUhOvRe2BSAOGVQVPDU0MDQilMEFoT0dCb48=' 'sha256-Ne5O37d0jMB2NW1F+o/dxD4ZoymcR5UTFOW3c43vySc=' 'sha256-nJehYvO8f48NY/qQS2BE5noCDuDrXHtOjZLMR6UCdWI=' 'sha256-o88lMRCLT3j3Z3pXQXKi1jBXhFEcQ75TFhcf3o7U+uM=' 'sha256-taaIXCKocbSteGYxnVDAFaA2YRt8QQz+FyyepyXH3nk=' 'sha256-xBl89zEy48DVKUpuE6KfrBclBGM0S4sL50pdFty8+F0=' 'sha256-+E4DsKs9n9QjNyql6geD6p1syDQZTXaP50GzPUjPmMY=' 'sha256-+Y2fJ2g8e5gKatu/MkLPbFRnRCvOY1tyAXrWNGjXrow=' 'sha256-5iW0B5z3v7Am0mzCqJS9l9x7v628Fzp+Um6ifWMcR+k=' 'sha256-aoNmpMi04Wpmvn9VrEqvQyWylr1t6k4E1AOHaoPGBoc=' 'sha256-C8cyxVNjQmvnKSnKnrrUvFqAeb5UZORYT1fTu+YABFA=' 'sha256-DMbPUcIeocfkIYuFdHoAd70cmG0i2nX/OT/BTbrb2Rg=' 'sha256-erAAX4GcY0jxn6I2pGN5AN6hjNYPvpQpZmi8PajI1DA=' 'sha256-gkKaTZKSf7oWvagrPdtfIvJPemQnPjngNOqRuYwOvFc=' 'sha256-Gz7DMezPhhgL11GeW83Yk9V9Iud6Wt9f9vac6PO08KU=' 'sha256-HDgBKrBw8A9222ssW3BmXuMd9irG4J1ytXvQYuYO1v8=' 'sha256-Hs9cfK0PCzhIWLmWbzqZib9h3B402ym7mDzIbf5rQg8=' 'sha256-JmnlsK+Os62EUNnu8GwKXArA8DTdMTpAOQ6lz0DFdR4=' 'sha256-kczjML8SL7v3RBf3b7IS94tWNL9qSEXeEK30FLTWdnQ=' 'sha256-kk4+flcjmLp4Swirk8p1LkQADbVolfu3j/P7iNN4YNI=' 'sha256-lTJLT7Vm5nZ1wDKtrnmzdCAgLR81uShd6M569nLvzsQ=' 'sha256-LzaCt8LfW482u9hzDdPcuOpkl3YGh/GbZSG7Xchppqs=' 'sha256-NIZL7JzZmCU6bh1X0hJlQYdSLCLydi822r8XLYZdzdo=' 'sha256-osddx6UZ/zn8UBJAuE28UIf0tyOW+GxsMTnoTi21DXw=' 'sha256-q05fBX3h5eQd7Qln/Vou7SV4Aa5nf7Y9W+0gVoMUmdM=' 'sha256-u6iqOUA1o0m/TrLP8ASVZYkpfb9UtxBvNaP7JSatATo=' 'sha256-U7cQxDhtgx6th4o1KS5r0DcJmZWlWDXHyn4heU8cmkM=' 'sha256-wu3gJluHsPexcM0L2bTmsflJi5LPQF4LPQ/Cs+bwQDE=' 'sha256-yQ+pouxNeMgaT3KvEt2o5AUU9mDCodvxxMDN9OkSLME=' 'sha256-/8cFzY7ATwkeN44KqNtdHLdqSseTQeQ7VmkAXV5H740=' 'sha256-6qOj5YW7nfnqlg4e1hKcQqvL7l/bbnJEGAQqNrS36Ms=' 'sha256-dqaAkB5pEj1AUN5hi7vit9/hfKjU05QHQy+IbieGOUE=' 'sha256-ElOyJo9bLDlavNCKL2xWnYQiXqUo2w7L5dEwMr8I8Rg=' 'sha256-iP0U3yUUOu4yxg9LWYkOu04/lIrY3GgMQZ5viLjtXfM=' 'sha256-lMuNwjy4Fw1In/+Nadl5ZPm5gAa4t2jbLUL/ybM9rzU=' 'sha256-ozMpZN4jqHwGUKYZWZ6aW3sKzS/9qMuWQi6YKnvLTbc=' 'sha256-p1w6JbOsHDOFHNoRhDSmhFAEfgjMOPDT0Icr1Uu5T9M=' 'sha256-rwSnVuwrrosWJH97LcMZP7RSbWgbMpVecq4JEKNvxuQ=' 'sha256-t9ii0iIwAfRTDPsz/+8KfJriEKckEv0nnveIbfzNly4=' 'sha256-vgMYQGMLAudiQNUBB5pJN8lUTy0/pxuMUllMzjUaxKE=' 'sha256-WJ6fD7z7vgkGf9Hdz8ShT3eMxoLwngQ8/ramvsWH3wM=' 'sha256-Xvmn8qq9eJ9Ja+sB5epQuFmeBkCXyTx/SP5/fGJTZCo=' 'sha256-yEMoQNeyIPho4Yc3A2cRHmcVZwIP8bAKIztagcva5sk=' 'sha256-+bGB2bz8n3ppXgWOgqI72JMHVrmeanLpqez1TSghb2A=' 'sha256-+IDeWQ6e7apnt+opwWaGr/Nfs6NjPRF8BRFMFqstsUE=' 'sha256-+ihfbmPy4YP0RoLdaSkfs+dHUZj+XqUY2LE0cXFcLXk=' 'sha256-1SeoIL1jrnhTYuqjOhSfgXmVLHfQXs8I/jYB3T0oSG8=' 'sha256-2kE8U5fVpoBn0BBOlVVfMYiD81irjGQbU8JGIwk8z0g=' 'sha256-2VnOcuXJgABaDLtERWfC7wNJVCHETZBOPqQyiLDiEcY=' 'sha256-31HJj7hEucLdZF31vdUNokPvJIywTWxaxrduszYw/tk=' 'sha256-39IT1UtagGOFZAcPtdxHjb38J9TXeJgb9XnkhsIfG5o=' 'sha256-3Gaj8UgF8rcXYila7uSngWZ4jj4eak6h959L96EN7YE=' 'sha256-3q/58mWGIwHrE9xSDsd4IqFbqCAJF4kOLtW7Hsw1Smk=' 'sha256-3Zb1qABOXC12kfGu9xJjpBV2WSLY+SbTiznSAv3u5PI=' 'sha256-6Gaawfh8XVyj1ss9QXZaIjkFXsD5l7A91D/Zn5Fc58c=' 'sha256-8/zc+ObQsh5Vr7HDlDPnfCJ8S72G/VwH4FRtG3oQkyw=' 'sha256-8EwZDNmZDmsZwip0T5gwdSBZkY5YCfrX6cBM7XQ8OEc=' 'sha256-8lbRDqzA1Gc/FqBO0jO99+LoH0mOCm61/WmhlBoH01c=' 'sha256-a+/PhJoApqyyCrv54KJwaSeOdSX1OdrM3nHxylf78+s=' 'sha256-b7SBKUvE94sBp/Vh1XWXHLuO3x5zbcqlb3uIOdy8YLA=' 'sha256-cSShaIQpKVbPaWf/rpyeEErxtHy5qNHZcNduCMEhbT0=' 'sha256-CVNRDWtkkZeo9vG8J3i4vfOC4+cBqbeZBGs8KZWzQ9w=' 'sha256-CyaaVG2I4eYt6tTrMJ+ALKYX2tqEadASp3JMw3OOdpw=' 'sha256-CYnZDjrinUXkSXMy5TQ4obkHY5PZ/R3IR/6irx/FpnI=' 'sha256-dACL/JOERyhzrjAIqMyHFmopuA40mqcF4l3kEW20KHI=' 'sha256-DaFKyfCJ6KtUU5fnTV3hfmZQJDPBHLKWLKi4QNvxnso=' 'sha256-dsNdq226+OwlzRl3wzp7VbBpXBGSNRW5t4TqmlVoMBU=' 'sha256-e/YsWKCmIR+Uh6xYtL3qY1H16giMWMQp2CRwY07O2G8=' 'sha256-EFpgSZqMQ51Wo+C/EMnqoyV+m5LRkYhCq+RbJoQQizc=' 'sha256-FwMUCsKpjv4RZ1V4AcKbjFWPx8CAGcDZMOMPd3eeuy0=' 'sha256-FZkjMVVyQZVXKWbUrge0z6MffmImf20IfFqb9b/KJXo=' 'sha256-GDuM9LnuyHXAC8QNuu3J8tUmNSaL4dVBkce5NHQHOx8=' 'sha256-Gg7uj7PjCfoZfD42tXEDgR77nrDT4jd6saXQAATRwUg=' 'sha256-GXZLHL5Whxzh5zcg012VEprh08hPMTzm8KKWsbbUC8g=' 'sha256-h4l639FKO4cF1iginEvp2141XrjkAFplYViVMlX/6Rw=' 'sha256-HXCZc93/+ksLx7XGv+AlAn0x2GUNmyADv8Cl0jZgPJE=' 'sha256-IDnFvbuI9NjOq0MgWxa8tbH4IFqqeT7GrX92Y2SXpgA=' 'sha256-IUK9huUAXQ/GvccQU6yZTwh8PUS6i2X7vZqJIkdZXLE=' 'sha256-JGIqTwImPz8Vs+Z9LY9nS/OK/shSqGjlkohhgibefxA=' 'sha256-jzuV5hvFFUWx6jgNvkD6wumBI5tVCkX+4vyFHEfXCgY=' 'sha256-KSOjJ56Yx2y27w+Y4fN2Bh7IzuO/czD4XjY5lthx8RA=' 'sha256-kyVKN6wdvMfMQjefFeB1vYAzW8gpS3hgHWCtTYq/AWY=' 'sha256-LTfSZeu+1pOPjTl6DS9l7p6E1aRgiHLa4yIcVbRYhqA=' 'sha256-MLDcsOqHqnmCaz4C6AmwXn6LL6slVJ5lvzGFEpkxfQA=' 'sha256-NL1Slj4otaHevyKE6bi6G0RrL47x8Pqaw23EWprTiEQ=' 'sha256-o4pVhzPumTLnxM36nMqOJWhKoDvlui4BQZmEg1aofuc=' 'sha256-O91V1rbC6LBozGXZVWHk3U5TOZY3coK2VE7xrZCOPDI=' 'sha256-OkbjPFMezdTAB6ImjDdqMQUGqe8L6VDZT4wnbLQXCRE=' 'sha256-OwFpkXQeRqspIaCQi3F2EQh4rsOpBgklPWVcXO5GpPs=' 'sha256-pL4HvWW/vHQzwNQ8oro8d1E0nZR7SoO4h+kif1Vf9xE=' 'sha256-q4DFRg5wG/i98ogmvPoYKlGXvB7t7A7ZQMsHb240oXQ=' 'sha256-qM/09Fj8h54tJzBwzKw2BI/370VJWxUVAaCYhMwy/qU=' 'sha256-QM6Z9G9wMydUDisrmP77/z92aGgRTnVZDbffGMMbTFg=' 'sha256-R3WsfVV93GdgBBdciyKgv0WYubb+UCLUzOaDXuPrKBU=' 'sha256-Rmt0Rrma8EecfZIM1i+aeBR1hzBAJh5zXe9ym2e9sIE=' 'sha256-RpFc8UbZtBe+dhnhxhvpt5U2rOysZwzcnlbzIokY9hY=' 'sha256-RwK/x+RVKjFKJC8CD4MzmpK2DgKHCxHMdtJXh0uVuuo=' 'sha256-S+fXX2fsI9NdgP4pc3mOHAi3/EUcPdvNjtWm3TNP6Wk=' 'sha256-s3k7g7MPVS0rH5KFQThLddR282BJPQyaFGq+Ep2TWBE=' 'sha256-S524KHx5nKSwalQIZsbLcUbCgLei5RCATrbSI0ohJ9M=' 'sha256-SblAhzSPieArnBwV7/a1NX+R9Lpe1A2XNe6rtgMfhy4=' 'sha256-sOIV4DCyBKtTCu0Ubx9M4MYTTwK8MWNC1SYW2NuAttQ=' 'sha256-vjlugbUxkCiBNrL9AwEX792mQFtw0XJCjwH3/TT3Pmo=' 'sha256-w+Qwfc6wYngZh64cQUrMoshIkNZeGIf5Cuvd1XSjYeM=' 'sha256-y4FS45Ox5iq59I8JoWu44c7c/TMDUzRMmNZ2+EOhP4A=' 'sha256-zhNT1ZFzGylEvQMbtoDtokfMVkqYAIhVSFk+9r1A4p0=' 'sha256-zIc0Y+x6kbW6wnCrWjSEeMRatCBvczu39oyj03rBo3s=' 'sha256-ZM58RafnXz9oBu4Ia7d73KD6TviAozFAMuU71Pr7Vsc=' 'sha256-zsdZvw/IC0ue8UQq7nu4Ik7HUjm0Rcnu0Ao6pOCTJiQ=' 'sha256-/e5qPh0FhKm0dgBSIj/PuxiOBGP/M7sn7sjF7BxrbpQ=' 'sha256-+UmC9SzwSuTvyhQkbX+LTB6eePuOrAhCDzCJICdUbqU=' 'sha256-2f4yDwVHBiynpy7zHr9J+GFIL6TjH7drAG674Ksxcw4=' 'sha256-3ABjcE2IABI6/26OkEwJTcxIuEoLr6ojj2sMOVDlcdY=' 'sha256-3Vx3vDLkFgpMf4dSOLc1c923PTXEQKiHTe9Z+4e3C0I=' 'sha256-4wxka6f7hQ5Cgo7YfnbOmbL8k7+r/BN9bAwOJM/vvDU=' 'sha256-5vijjksJLGdNtby1fy2s9I+x6U+3v4IeSI1i9J3uVRc=' 'sha256-67Hj0ZK4SCAs/ia1J58+62Ke6L4y5yVN5J+CYJC3vlM=' 'sha256-73qFqXKqJn1Ht7/QX84dQmfincmTZzwAUEfk2wzpBpM=' 'sha256-aDk/1eyN/3vtNVNGMgPXSbNJLY3tdVU4awNPxs8nW0I=' 'sha256-bVYimsLrShj9t5T46Ex4qvAn5v7XCBLpjVIiauiAgwI=' 'sha256-HYouuljHiNmtYaPDVo002CH2P9I4Ix2UYF9UDfd91mA=' 'sha256-iQNkTGjk4lyBKS6+6vtrIdLrVYBJ1+wrxk+BhPKJABE=' 'sha256-iSb3/xth8ciQYXneWbJ4FF3JfNpH2rXvtOh4rxEz27c=' 'sha256-iyueG5oa7HRcXZamelvsx2FjSwurq6rxCxRJL970gx8=' 'sha256-JAz37FmabdWCxTyVrcFWs+fQRxFUIx4ivVHrM7mYJ4g=' 'sha256-l949qftm8YwbT0oyJq0TBpbQkQ8PuUUX5YNbw2mwD1M=' 'sha256-LHssI3525Dhhncz4D/fFpkJBH+d/FDWc2fKdjq1ah7o=' 'sha256-nl7RgVx49RvgrM99R0ogJjteMTrWigJ+6RNwyowdm08=' 'sha256-nvXuaRU4nCo/NRlkP+RsO74TZV0LMC7fISH+CD9yY0Q=' 'sha256-O2+tCymNJNXAt1PNeGpUdjx9tYTHtsUHA3yHgvt0o98=' 'sha256-OJqGKvOYVSxMkr41Je7Sh1W2BcUKvYsBrY11vKFH/5o=' 'sha256-oLCFrc6uKijvP2cIEVKe3b01pBp4j+7edqGJkSbL63E=' 'sha256-P/8gcC0b5FTQ2sw4SGYpFHlCEQxta7T97+3TP0rfjYE=' 'sha256-p5I7WyrPxNvdURbjuxFwibupTswVtmiwtbt+BOXuJXk=' 'sha256-Q/SnfRtG/7gslOA9E0/GIQl31AbE1xEwCrf7UXIlF7Y=' 'sha256-QA2XaBNt6Ci/83e3hqN8ottdzScwejGkJ40Aa4wOV+0=' 'sha256-qoUp/m8QE0ST5KOpQG0ktn63ae16e60OVPaPDO2NBdg=' 'sha256-RSrPGU7Oh8Fia3ldE0MOQ4Yj5DQ/oKRvWClvEZdYnFE=' 'sha256-RTgLbW1gv5vhSn1BHnoItf0kp92Ur6/Ur08KDx+7RlI=' 'sha256-u+ABfr1Nbj8hsmn/WRPWHyveZj1mdVexmmaKyhqAsxw=' 'sha256-Uo1Nik7X5h3OqNiNIR0TsrLCQ9YRcESMpcTYhVKc+Lc=' 'sha256-uvDgaYP6LwG/klbv5v0/XKXZg+xgBLT1A/9x5SHjb5w=' 'sha256-VGTwkNbWkSipAcdSPCOOT7HaP//DgA/1Vj4hrI99zNk=' 'sha256-Yjvj3a6/a+8kpv42TJucicMSkqz+Eg7vDS3BsyJtvBE=' 'sha256-ZljBPyaJOVWhJM/MvM2hLYwz5z1zuIyKMu//N01jJqo=' 'sha256-/AO6w5iIyFSpUo1SFGO8+Sq1DtPsmjxM7KfI9I3KbX4=' 'sha256-+9c9vkNtdJAlIL/OlC74TcKCzPC8ZBlUjtFVfl2E6Go=' 'sha256-+laoWCyhQaiknV+t489CKImNojOJcAM+7/BMDqZsuxA=' 'sha256-+PQkldmG8ylczfwH1mugJKFfWfMD1gQws2+FV0PFj/8=' 'sha256-07AT4uJtPKwrk/pwK5m1i3na5MPTozLP/6B51uw/NHg=' 'sha256-0C/aHiickgDRxRxiSLof0atK2WvS6d9badYJvuysT+I=' 'sha256-0c5E6PXurfgoyfEco0GVNUe0OSm6m/nKve84pcIk+JY=' 'sha256-0o0gf8I2NQFmOH75Z6zQ6aV40pVrZOlLQPH9WgxXDJ0=' 'sha256-0O5WQ3O7+jqp8ut2VaYXHsEt5HqpHLaRWpM6vQUul2c=' 'sha256-0rcE/Jz0EJmWXI7CZaQGuE+GhSzunOQz/HCheN2j328=' 'sha256-0X7RiEZH3PIfSYY2gSV7tib+3EsRAb4F1RPQtjmn7xY=' 'sha256-0XADbQC5/y8GVzXW24VRyIVoISw2uapL9RMyH5o51Xs=' 'sha256-10PIgJwgUNZiEhKAvlgMnJG4zLS4g5TcI2B9eQJzisA=' 'sha256-1cqnanKcC3/VeRdtCrf9po+y0BhKKNMYlPan2YpCoX0=' 'sha256-1SAVnO58e8N23NXRr57C6FFY/+Ird3q4VidwOf3veVQ=' 'sha256-1TlELuZxL9yiaqG+RLRwQJ+gH1eNqiDBY1PqE6h9aVs=' 'sha256-2+dS+n9Pah47gYjmchfaYD5g/iEbiyoAg7SGmiJtn0Y=' 'sha256-28vX9UwDbupk6lAzn25MKY/8BDMdZVs9dypbkWObPlI=' 'sha256-2UtvU9f3gKlDgIaL15cPBos4kuqfR5PFvD6ZFCpKMRw=' 'sha256-3Fw780Os5j8RurBuMt9WSM0KDGSXLzASj8NOEgAvAWc=' 'sha256-3nYqNJsd5jPLCvjbXq72DNub2/7bQ7QPFri8rRDU/gA=' 'sha256-3RVbUVvNZ19KG58NQUwQ7DMdQbuR6DHsHHEvWMV0ayE=' 'sha256-3zgQ029MxYNyAm1/n0/B1cUVhFTf4FqdRNmvCvwzNN4=' 'sha256-43vUjRecZDagN10PzSQUrqDxwuUt7KmZI0gVIqNEiqI=' 'sha256-4ABQrBooimq0gnc7nbOByFL5xyGKsGsiq5GbWjjxyuY=' 'sha256-4As8bOaQ43FtitRU1xQqMvFU2Yi+TBKAkvZtSQCmLeI=' 'sha256-4T2E8tvD8hsBe4B42wB1dfehaYd+zvZmA0jTYDTM8OQ=' 'sha256-59XC98vO4CHbpRDAeYBNSpvGodqcQWXBoeuEi0qbdhg=' 'sha256-67MTF9DVhvLi1ZK2+n/SEosxF9EomN7yCzeWNNFa3ZI=' 'sha256-7/OgNucteeqMOaZmCT7DNiFzTlg6elCJUV1b9PjnGq4=' 'sha256-7AD9Fsdz8hWgTLj7eGQFU+YobeMgzEw0zTuH/q/xksU=' 'sha256-7N+aUNO5P83dUbmf2O+vdmaVc09z/Per72uryRH5Kgc=' 'sha256-7UpLIrRwzZfRvE3sgVHBS/KmpS3npeljweupRKoqJXU=' 'sha256-7yJ1DfT6qvrs7Pfcc4UrVgSj1jJ1PHQpryd5MEQ1nkY=' 'sha256-85IVrZchH2aqGx9VdAd2/aqnTTMXKg+DvsPOAr8jLRw=' 'sha256-8t6bs4UELQlSTIvWt168F4g6IGyHStFW7Z9n++toIzY=' 'sha256-92PVmZtjaZvqLPFSIF1LHHSJf9Xl4ABYzuFX+7d2aPE=' 'sha256-9ctMUbBijNx8k8FmIQv6EnNE1b/Nu/Vz90f10Z4vrAM=' 'sha256-9Fbsa/gy6zLhzJiT0h2q0+IH9nkctG9/TjAJjw4iTmY=' 'sha256-9J6TTWjZ70J1qZWmYdakxK4X+5FHJjoq8peKwi+zIt0=' 'sha256-9jGamjltXl5UAQpif7XFvRK02Zgr9esoiTYkyXKN6hY=' 'sha256-9tlI6fee4OXIhhKjgPzRKRu9cKQOfZvgswfWy3MEDT8=' 'sha256-A75TRwR2W2rKm7vs5gBsowbpT7K0i2nJr9+90MYiNbQ=' 'sha256-ABxxMdKiXkLDNUbiMZHSrOmW2T1EI0ZctegggKHFUf8=' 'sha256-Ainnw/+1092wm99ks1yT5qHOeerKuWobxYyn6Kk7Tbs=' 'sha256-Al1cBHd22nm0XRGLxzjOVFfQoC30jd/PKp98+vjCxo4=' 'sha256-aR/Cy0gLX12/0yB+tDZ8cef33n2OaN6FEpFlojUE/bw=' 'sha256-AragYhQzmkTvHM/fUYKxfVrApmtLry9qkAz2DQv6vC8=' 'sha256-ARdL3bPNTExngdAlJTW7JuMtfuHiozTxvjX2TJVXNLc=' 'sha256-Av5L9dkYLjVujEJ6096/rHMU20+5esJtzRpE5gRI3kU=' 'sha256-bAngnfvFQ8VuJ6QcjDGXVca7yUmgPvf8T+yVxPjg/cc=' 'sha256-baXRUyn+52PsplZVgabfgQJnqLbMQs22tMbuzyCh8lg=' 'sha256-bhRGPiLw8W7jd92fonsloqX+sv5UOy32eDaLiLfVu0s=' 'sha256-BsBfuKgFD9TnrnW+xGcFMcOpYpbKjV++8c4MLo1sunk=' 'sha256-bU7XacsxBuNJnY+Ma4U44M9JN7I8p/BoneBmKrBXo2s=' 'sha256-BueBEv44VVPI2XdKecM414lkcH9bVAZyJynaX+696m8=' 'sha256-c9i/6AF4Pi2eONuMizFdRtuDqoaQLFDpgfLUBgHN5rE=' 'sha256-cE3kx2JXtgtynn0cHQgqkY1Pp4Hnv0m9ebFEXYpP0XE=' 'sha256-cGa5RiLoPRxKj1jXaQ0mYu97RsVPKCDQ8cArsIkJdlA=' 'sha256-ChuiaPch9OeeMEsn/Pob4b3GDoCSRK7gpvxztcjfNs8=' 'sha256-CksUwFjvatOKkX84Hre1r3ygurMXiA0neH6IucAkc4Y=' 'sha256-cQBcwChiNJdTaYmkIvbQpBlsjy0Wh4eGsMtnL1BScdw=' 'sha256-csJEXTw7iNzYWaOinWQYxSH7wg8EqXe4J4Ztr5LXWmE=' 'sha256-czu3NWFc+1hmM8CcqIHL6tMVT9rTum5LbyK+Po52qPg=' 'sha256-D5Pdmg/ovLaIIUIAT2hMCLMcxilEunRmLm+GJNW0hmg=' 'sha256-DjI5X4iWsoDIY5xSQet3EokH3RuilW/EhXV6JJxmWFU=' 'sha256-eaVlMabnhmHHa4cuvJ2kR3zfP9HlqZFxs1aUy1baTK0=' 'sha256-ecVRPypceovUtFUzRoopwkiaK6nnaOX8FzTCXWB4j44=' 'sha256-edVM9Zcgwuur/6zfYkrtIRvbas9U01xbfN0S2Oa/bao=' 'sha256-eLOpg1IQvPjCiC6hgAJcjWiEOU5XUEqsbMJBKDdi3xs=' 'sha256-EreRupj+LcRinPNWWDRB/o7kHmCaU5SuI7ayiWdJ6c0=' 'sha256-eZAzcvVaTnODDzdEK/XR2rh+Sn4DiUq1UDy8KMc07gY=' 'sha256-F0IgyRcSffBgT8LAxpIuf01yMwQhrcb5RYsHbBgDqFc=' 'sha256-f6zWHZExbyrJt620i/Kv9VRg3ZpuXSx3aVC9OLZtCgM=' 'sha256-fazD6vLMY8yk9BwpbwPDI2IX98Dee0apM/+e3B7FKY0=' 'sha256-fKz7qyXU/gZp/TAJTZSeYMuZMR4srMrxgu0Imjk5rps=' 'sha256-FlA3kfONtE6ZPC/Q2Erc3NqL5pPB4ME6Ly5mN/HP0kM=' 'sha256-FRwr8aLiWf+x4BS2O0KR4ncXaWTUNx80aKOf3VdQCC8=' 'sha256-FU80bi0g107cD+83ih00EtA3tmtDOtxHs9SEWioL/Xg=' 'sha256-fY6SJR2GzT0BDM+8eg1IDfekFbt3JzxdT9tlxezrbjQ=' 'sha256-G4mAoeDw/2GQh58yg6TkeGT0+pZxRio6tOvjsMafC5M=' 'sha256-gFI30iBF09nT8fVoq+V8oY5AV1dEfomqcAhGopR7V8E=' 'sha256-gFPddqF2XDrE0n4Ru3UiQjzmMTBwGrpvPa1b+FG/Ki4=' 'sha256-gFt2c8dNmSWXeN9t6wH32VSOqikd1NgA3axzFk7E3Pg=' 'sha256-gmadjZ0OqrH29U8x5nqmDVCJDRXk7hsBDdDMi7peeYc=' 'sha256-GOrMs1c+cOQ/Mg8wKFIwiTAWWuvFIvhw6a46pa2L554=' 'sha256-gzoUZ0LYYcATytUFGPJdVtCHQaQ/Az+1dgZFr3CERsw=' 'sha256-HamJnKoG2tJ9Y/laeSsm+d1tFk/QYfmhW3ADeTSy1dM=' 'sha256-hhsLIqo3d2vXFGYmgyov6cvup/Hc6YycRfZyJHAYX9U=' 'sha256-HT6DgxKAistor40mJAfNWNwI5jIJxaAtcq0X6lmDKlY=' 'sha256-HUGAhidDjUzquVmbySksf5aP1jaXmDEo6sf/Fve/WMI=' 'sha256-hw/b9Q1iUJahg+js8jzyTP1SbefkcRrRccGUky7VrF4=' 'sha256-HXanIvHKJySgTxdNroX2PIZ526+PQ+GR5hdW+HtVtU8=' 'sha256-HzWZOKhMmwogr5YYQtXA2TPhbNfzwSgOmSouz/8wwHE=' 'sha256-I8tGkMERUY5R648guUkC/AUcMJ8D8GBJNVEXWDHpwlw=' 'sha256-ia55VleB6/FImYbw5N2txBq/OAml9gda9VWI18JBf0s=' 'sha256-iCex7YTyGyjRzKrX5m1UgP3AXhGWbyMvYxeUpY1Cfus=' 'sha256-iml32bW3eq9LQ/ScTvuI5NCtvQhBL7AeqJCX2DpdyCg=' 'sha256-irkYIWWUJTuZXz9wF/cOIUqqmg92Y/HaFqmFO1oxQ9M=' 'sha256-iuT7HY83T5juAwTmkz5cHnsUfAFpVEpuFLjp3sq1yNY=' 'sha256-ixrQeK1FFuaw2aBtUo47dRVx1e1IAwMxdEjSwVlw0aU=' 'sha256-j4mKuSu+6BgpZi5wrtb9y6gNW6pNWvlbA20qGcvLNy8=' 'sha256-J5+UBufucBbDmshM07uZtCDH3HHVkiDEO4b6dYPUQ40=' 'sha256-jb+dpY42PHCxCLfamHODbsKIL78MwrKSkvkJx02gZUQ=' 'sha256-jI370ETRApPs1Uu5kggowfhXJzdD5gji/f2oMU6517I=' 'sha256-jKQxPp8DdjKKviDgzCJPXi8rQjlDLzGQPcpp5w5vKU8=' 'sha256-jNWBQ58O7WatfeAeomrLd4l5V3JGz6dmfwXQME0hiS0=' 'sha256-jOJvLGlTKZcEUddpzWM0hol7DMqt8EYzpmNAh/RqLCs=' 'sha256-K+jtIeq+5Bm0GMZ9Q2/jTytmlF+dOAzicTHCHyNZHsw=' 'sha256-k+mLTGh4kIW3MoJw7v4aZuIilIuGFHY85fORQ1vS65s=' 'sha256-k0DjWvWJU6svkQzlvFLe+MU2PfyI/JTS7ZkuZNSb3z4=' 'sha256-kC6lH1iNGOIszS9lUDV1IWzOjGFM5RzDsfLL2BbOGZQ=' 'sha256-KmS3pprqrtd7Q0AlyqzyBjuYsmIwfZcU5OFGU28xeL4=' 'sha256-kt2ebO2BFngjCFM/YFOzC7ii9229twyUioLXaN4V+DM=' 'sha256-kVHvV9bBwCNMnTwNTPmgOyFiiFIiAtgYj8t3pV9V2ZA=' 'sha256-kWUF9jQlusSQncfG7PQI/8khsEL0gHaFnlYZeHKhTTI=' 'sha256-kZaYY+LfyJCThdjBPM0fvnI+dE7YxA0GOZgw0okcCHU=' 'sha256-L2oGnhhTC/4YJRmFBpCrroB+URcWwMzZ0HpARfVQeXo=' 'sha256-l8VujLMPpYVtS4BWI+X1tRZG4ZHXN3kPO7XmmbvnAMs=' 'sha256-LBytNAQtRznti4EpUNw3lvbHes/6mInZ/vrW/jEd1sY=' 'sha256-lLboJ7itK8+IdEYAl7yHNRYvX6Z+Sdkfrf9lqhQhIvM=' 'sha256-ltNFAWvWEwncxKxPIl1ab+P2Olqqge8zeDv4uzumLsQ=' 'sha256-maV8Zvz5pf6qxbzJAJ7IVrf94Mml7QH9qHCWr+uQawE=' 'sha256-mCpoSuCwN7atAE+s4T9hAen/lVbxemA5e1N/hEzSCpM=' 'sha256-MI8E3YIklhuXFCZfbyKWeor+8XTpOWVipoRsr1bfRTw=' 'sha256-mj2DdMPTxQwuNWm4YLkZt9pzl1Gv4R/mCcQOcUGn+mw=' 'sha256-MJhpFXh1DRBw6buatYQ4Lh2cCwBiaVkeba2iPt2h5f4=' 'sha256-mqbmGw36vBL53PjIEovRIO0isdzo4/cWoluy7xPX+sI=' 'sha256-MScgBThKhr5CfmjeWiMNNJKm33ilsjpx2rwcs9XjbUg=' 'sha256-MT4/9NAPxaa7kVbwNymss0c/cfhsMPEvCng72OjapE0=' 'sha256-mXpPuH9n7HaJUkeFpnxc0/og3dCpIMYH/Hn3rKTVn8M=' 'sha256-N90MKmRow2DpYEVeqcc3uc8pOUsS4Rg4sNmkau1k0xQ=' 'sha256-nG1xoudMpbJeELjsW3kHtsm60dn6+RFwjddORJI/bh0=' 'sha256-NNqEGzmeBl4VrEcAJURNHPoCNg5IUfSpO4dbkHrBSsY=' 'sha256-Nqnv3E9n9r2LBSogXvbAO9umMI9cTvFGAmWJslthC1E=' 'sha256-ntgU3+H6YDvouBcdk6iHse5skSYjAienwBcjnV1Jmbk=' 'sha256-nYm1SvisN7a+23BHNKyj9US9woe0l7OizZo/PsTBbFg=' 'sha256-o1oyPy6cOl3YQglquSVNDphgFTiAeR5DpZ7+KnyJlwA=' 'sha256-o5up9CfBY2ePgcb4eXTEeSp1c7RZRWFbadv2DNfSL3g=' 'sha256-O9iVHpK71LjpqvMaY/RYr2PKiskqYS0XPS5trrAX8x4=' 'sha256-oEtPuZhNxGdH89fOxcqf+3b0cxgAI5eN9TOAXRONlnc=' 'sha256-Ofg1ze+PHNOcwFJfpvbJUmFAxAdCaU7l37ww6sGpb6A=' 'sha256-OsFDt8lC2s0O8PiuXZHAuZK7U4ysK6TEIPwTOFDFU48=' 'sha256-oV4eQjquiIbqkHNe7e3+LfVaDZwnlHwPQBLYF8hs4Ok=' 'sha256-OvCDbdn5cnWbivJL0cSKdF8MUnJxE7CaHYpn7tvnHuo=' 'sha256-OvX2L3a3Z/w8RUY6QhapAyVrJ7OD+Jk+bIXg7qMmihg=' 'sha256-p7sOKJUU34sKBsMK52jlSJAP4lxkpgThlUocl3DmyFI=' 'sha256-pGL1aSjTFP1TxMrHfv24YZ9HivoEJxxHvYTBlmng/Lc=' 'sha256-Ph9MMs3PpUmNWqTt2fnk383H3+e6mwP1IM9Bc8Ay+4U=' 'sha256-PHahHXAOqAoNgf6YFR7lr6r3ewdXJTtk33tAMK971J8=' 'sha256-PHNIgu+GDsMC0btZMUMsdGmOczN3dMKHdONtHna56pw=' 'sha256-pNMtnKZg+7sgbJgoKGF3xakV6pSs/aNNFRLuoQYlxRs=' 'sha256-PSKLhPVIb9sHOGL4ojdPzKHOtViEolktk2MLIhPA0CY=' 'sha256-PX+FpGhrSGHQVNgTgm8gT4wk2qCBqykJg7yPo34J7Ks=' 'sha256-Px7Vk40ySc6RwOA7oE+uB1iVZG5bVSJwP0+T8qBNVQ4=' 'sha256-Qc5h+2WcBVWxteFn9m4f/pus8aehMlgdZfN5t+ekRpQ=' 'sha256-qd1Tcs5ZSyHB1juBOQ2Wxcx2Juk5TXqBzZ4FNpEky44=' 'sha256-qfX+xeD4/vqfuiMHXpankbzwSGHy/yxLmmTdcHXfXXQ=' 'sha256-QmPDeAQ1nULYzUyPQgwalnDm2sPlNjpdavYmJ+dA5dU=' 'sha256-qSefXdTwvYioc3+22jHxvMNKrWtFMSZtGUhur6nXk+0=' 'sha256-qu14v/LijKs8mUIQkhN6OumXqR+7KiH0DF6WNjwmWvY=' 'sha256-r6QJ5yBTdMA4aoXhPKiB+VkuCgwrgpiD3GsRA+2+msc=' 'sha256-R9bwH9gs1sZ6ObzVAK4wwJYUYeWcw1FQI9KJb4gH8HQ=' 'sha256-rdV1opZQvqoC4I0NTUlTusSbqZmZOcdEii5jBMMBfAQ=' 'sha256-Rh+FlObzmt8gaBEc/sW+UYEybWU3TxlosJ1mFxcYJVs=' 'sha256-RmqbUPJM6i3WHXhhUtg1wD8nRZo4H8cVymoxnsTSwd0=' 'sha256-RR4IB1dWr2j1SU3waS6mQ9ilJAUv/Eb8Io7L1kIpCV0=' 'sha256-rV0spYQG0d0TuY1u/n8B5eWjs2J7R19nr4UvFZYBXgs=' 'sha256-SC/alMJKNl2YOenvzLPfFV9o6L0OSZQipDKXGeUG5lw=' 'sha256-Sicmatin8mrbMFNpWP5803PzAEdwIoFW/3iVY+fdtjg=' 'sha256-skDxk73I92TDftjIFeIrboh7yx32gAjHujmT1XUbK5o=' 'sha256-SQJL9G/mK7h1VD5+coaifTYXDcqC7hCKFjVxsbzY5yg=' 'sha256-SqnrGwzXjM26U8LvMp650vXzhwI9XucEnn0Q2No7A9w=' 'sha256-srnQafcJKAGoTMJyfoVGGYZk9BPxVySnhIPzJJ03Kjs=' 'sha256-SSOcv4lSrD2fYnVeJJZrv+FTNvknhPh1IBhW6BUiCno=' 'sha256-TA8UPMdsiWBEfTAoS5piYnK9c8cdz7NFkNl0NVZ+IP8=' 'sha256-tLHcX69WsFuMHhLL10zt2BwRYJQcEl9rrY1wtILs91c=' 'sha256-TVVQ7KAhQ9a5lzHt8+78ZBX0KlhuQlCxzsJoWxc8nTA=' 'sha256-U4+mNiA8r1Qo4cOdMolWY8gP2fh9L0xLphuDsNMw0Eo=' 'sha256-uAng8f11qiEwA6LYEFXvd0bxw3AX6JOSBl8ka/qrhEQ=' 'sha256-UeKjw4+NmGGxNrqYrx15+B5dqVNwuHdE+77qp/b28co=' 'sha256-UfrvvzVTJZWjT3clZ2bzJl9tmY0Q7Ja2NvkHkS2w6Mw=' 'sha256-UKaBwxQ5D0YjtAFbwAztWKSF0rA+3iQ8FHNBxM4M1gw=' 'sha256-UllXmtbmyxmJuW7jM9bgcB3GLOLQ4GP2oV7eumS+Hvs=' 'sha256-uQD51VY260LAMKyP9cOC1uLnhllkMr8IU2H2jLvjc2A=' 'sha256-UXt+fqs/bd3KIFwC1IgCeNAUDxLF795KnRieQO5CGPo=' 'sha256-V4r+i0D2GOJxa4VlAPQ5BseAqG+LiQfzd9L3L12tyBA=' 'sha256-vCjOQJnCLbxlpDGfB81EAt1m/Fc1QPWhUqkR57CVZaA=' 'sha256-vgl6qjKsudMcvNHzGACyEqsMPEa9Ezzb5KgiKIb2jws=' 'sha256-vKclL2pN1XsFBhd31mcEhOKgpv/C/iPqiO3pu395LoA=' 'sha256-Vp9hvb0gxq+3ohNuyWf+hY569OnrxpzRJkYjDhFTIDY=' 'sha256-vv1NZGR7SDCqwGvEpWm16cTB3SznWV162+6QAtI3qwc=' 'sha256-w75olGW3fIUahw2Xmf+LlSUxnA9fe0uWl4uI9aRXZfs=' 'sha256-WcSsBrJAkHDl8Ll/VVn3s3dPQk5S0g74V/lcNL31O00=' 'sha256-wiB+xTUAd2Co8kIc2T2Q2IZKqshp2JW7LlN/NLz7OOo=' 'sha256-WLsXtdplg23I9F3uGzV+3IdyKW1bfUzH5RRN4A6438c=' 'sha256-Wnsf+1G6qK02O29RoK3Dg42I+8CYQYfppgBrYFsoyzk=' 'sha256-WRIlmm7cJQMOgik949+M+PYrppNDFH17S8L+dtE0WbI=' 'sha256-WRjObkihjN+ZRvszdZVxUEmU7IMzMTkzK7JWJ78+Kzg=' 'sha256-wtG/Ej+6aj5szz8oipEQk+oPd+0+A9pOIoX+pcXGR3Y=' 'sha256-X+WDRnGEQRTq4mxq0p2Jnqfjx6iQP8qEBnNvw4oxWj8=' 'sha256-XACpZeyu7oAW3bAowGT47UQTC8eMyx5kbGjZckrj4Ew=' 'sha256-XaOcIhsDAggTW5kOHb/4Ogq2aZh+SXw8uEidudQWrks=' 'sha256-XEE6jAMfm/pYwPueQzeCYoW3KmyUx2XF2aSkd6z15VY=' 'sha256-xF4eWPZqxlfE80PBmpmBhsfv+NaePg642e3gJeNymks=' 'sha256-XOxwY79IMHAho8YoYEHgxviefCIjBW9lZK8QsHrtTO0=' 'sha256-xruC0tSotxrInUv/VVFkRep2ruoQxHnBixQUCcTvjwI=' 'sha256-XTWynNVx7Ru4V0rXJLd+9El4uS9N5jiOce4c/s0ToC0=' 'sha256-Yk9rdlkkxSdLlKIRVHMytEx9vSKL109Kmo0CZfhj63A=' 'sha256-ykpyWV3JlKeHHM9Rb4OFEoUVsV078rcesm8YoFzE4mo=' 'sha256-yn+mDld/n31qvYd77v5aXVSsJFP1r80WStoVX0tJUug=' 'sha256-yrotX6rbqLBrcjDu7Ne8bEKQVFzjPXAw8XIiNXD/Guo=' 'sha256-yw3NZ4SepTNY7yTAj6QM62WPM5LOrPLuogDurAKt+DA=' 'sha256-yzh3J70sLEpqQEfzzZyh4VyrYCMFHPgRzARLCpxpxdU=' 'sha256-Z044VsKKOyKpPoAgTvT8zB52T2OavCR8RzWnnYi19PA=' 'sha256-Z1bKLQAkMF4Ks5PZa3jDoRjUpCCedV0y+BbJn+suWIs=' 'sha256-Z2FJNa+sUbVHD0VOiADS35U8tEyE8k1U5ETdZaF/g04=' 'sha256-z9MVvHJY81qGFCntidD9laJZiw5MCd8idWa8V6+70/Y=' 'sha256-ZdtV3dQULJ4JlaHVxlG9Fijnp6tvSYi5Jr36fCmfb5g=' 'sha256-zIH7LlPygESJi0QNkdz+2zJscr7uksMJVGNUdCBifm8=' 'sha256-zjZvPc0m6FdW3whoKrdh/uW9P4PdIHAf9mzskxFTOe8=' 'sha256-zkyvx7Ijmx6o+F1XgJKcN3kOnh3PnL9D+szMGYYbmgY=' 'sha256-ZmeuExIqGp0xznRisjU3sshoc51neDZ4f6jsIz9caKA=' 'sha256-zQqnX5Yhy0bUc1OuSXV88YhVi3479PTNnZqgAMfAeyk=' 'sha256-/aoXkrtBHBFZ4U//FYjMSSeNjXmUkI0dAWFl4nDNWUQ=' 'sha256-/By31HqoBlxLnGCIpVYE/5YdwMA0ImROhRAUwbDeoH4=' 'sha256-/e5YVLyqJomIamPo3tqlibovSBOKqup8GjhYLBYpmnU=' 'sha256-/OJqoN20Eiy9B1DRVZO7QJdubbtebqpzJoamKKb5czk=' 'sha256-/pm/El/PcLR4ERQMmSMtqNFK8tI1c1V1Yaz/z18tfrI=' 'sha256-/V73wEgCrtRgjhUJ1k3LX3vk+noGkEVGEWNvwOicrBQ=' 'sha256-/zACaP3y3sC5yA8EN/CXDGXrKCO1y1ao84crm/ZiVCg=' 'sha256-+9f8AbWkV2rvOmFO0+7BK403xxjm+bP0b5oT95EdX7k=' 'sha256-+gmaXNO6wJokBTzsLcfDGGcBiF1B06FAdO7hs7bei70=' 'sha256-+M4hgBYVsc9jnC6CCRDe4eXxVFM3VilGJMeASlfcR6I=' 'sha256-+pzjUcg3oInZjMV774Vi34RXcNWAfTJ38rnFMZj8Cm8=' 'sha256-+tpjLsgEFzSAmw+e07Yy9qyTF4xaaxdGyjWPa0C7yx4=' 'sha256-+TqM/y/F7qpH4bhapu0X6QgC257xM09+eEJTgqAdjc0=' 'sha256-+X8U+0lJjGO+KLz/hfozoNow8KQypmzBvwrPkMJqUgM=' 'sha256-0+P8vJ6rzd/6vFxS/FdBsKNk6bNj7HQxDw6ozRgG9aw=' 'sha256-08SKlQGKeuzrPxhysxu6nNS6sod9RP2DuQJ8yXvqIH4=' 'sha256-0SD48zeSihGI/Ihqn9ANkSLviVju35yg6QBNQYZVqV4=' 'sha256-0t5s4xy3xEhAN7PA5P3fDu5Z80yuSwuRZO5n9Olxx58=' 'sha256-0xksK9iTwy9TG8zsro3hxdhrqm8bPxrx4gVXYggEtcU=' 'sha256-0yeeVJs4s74XdsvDRFq+9xCzCYkFvmMjO4dTPQtMxKg=' 'sha256-0z+AXv1oPTc2J+fI9Jl6Dve/0Dk1rrB+r/5oXKgz0NY=' 'sha256-0z4C8KkqkhEunC70buQGIGVLsruENpBypsWrGSlMJVc=' 'sha256-11VrNSRDAWvceXoq7UocFuWRfIdoCEuHCryx7qCZTwA=' 'sha256-12EEIpuocmCq+bi69Ay9PhvvW4C7aGoeHL3kJjFIOO8=' 'sha256-1C4lleNNc1ULjdan5pSCb8Llz/Drdnffhe2EyuRLfBg=' 'sha256-1gD7EYUTxgJxPUl7JTOSJlu22P6OyLM3MTZGWE8z51E=' 'sha256-1LN8jtjqbmA6N3TRXgo8zLa/d50EoLKUU7QjSxAeyJE=' 'sha256-1NqATNBEIm7NQFlIITrq4z9P/ywK0HjO1Bwt1fI2kOM=' 'sha256-1qcuvX2g+2vs15LNqeSEWhZQ2LYWsCtqJC4pAqxXiNc=' 'sha256-1RxA8SHZtdU/dqK1g1Nn/589uBW7hWlhYqYmYVmdnv0=' 'sha256-1U5JghETDiGzPsl0cyQ7dpNlxC53RI6Bc7xie8BDNdU=' 'sha256-22fRxC5Ygyqw2vVSK5z71M1JzxDmr+z/GB7Kkd6UBSg=' 'sha256-244Ib7YgYLhZ+zXmWCPsvJaopBl7IjfCiTEZ3SB0ySU=' 'sha256-2dg0MZQjAVYnlw/fSObWPH0y/75vmWS1XgzpWtF8bVg=' 'sha256-2gs/18a8ec816QCe7QsYKYMBhE5b/xVXoRkgm1xux2A=' 'sha256-2hKAtVut7PpadszsuaeOQn6M8wxgA/4qjyLrdVEJ03U=' 'sha256-2JC+YpZ1P/pJEmOzLSn/x22Cyb5fgm7M82Fwa6Mc1T0=' 'sha256-2JjXdKxyGvyYGsx7Bpa3GlEn3dfkuVW+ZNb6RGz+6DE=' 'sha256-2LGcxFg4+iwWP8JTf/l/hT+5NVwIWplPo+3SemXP1ck=' 'sha256-2xG7vXwcJAcZOH+5aIF3SuoeGPO/0x6gmuXoGzRqQGA=' 'sha256-33sN8HjNd2AQ6D0hCca+u2WhL6KaNLNWMr3mxmfywuc=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-3njDmSmyCKqctwgpWh/IVNP8RWYjaHYzuAmKqhqnlyw=' 'sha256-3Sa84iOU26kKxhAMku8ddwP6vX5C86FP7qdKtxJMNjw=' 'sha256-4BiG07F1fnBI1bpqaLQ4TamgFiD7M8NBnJ/HzBd6HMk=' 'sha256-4C2OiCivqcBZGW8G7xTfsLF5V2V2fYqAblhQ5OGBeQs=' 'sha256-4E+BdGtfeVRonzCvHOIT9noPGfU4CbXXg2tG9tHgsNU=' 'sha256-4fXZjunb4YhrJabyt02DJPu/SmBFWS097C6IUtlTKyQ=' 'sha256-4G3/zsAXNgsfv+V7zWLxJbqyQgdoBPW9c9QT3xIa6L4=' 'sha256-4kv0zK5KQHa+CCdSG+qR72b/Q5aoBAfNul5/nRFGJy8=' 'sha256-4SHcbKIX1Fx5rhlottWqqHggM5MSJz+xg9uwwq8UK74=' 'sha256-5/A8B30634aSAYgSpfNjlcSn9gfSXwJaVD7xi2siUew=' 'sha256-5+icLCeJBDpELB4HBhZ95wv0K7z+2TZYs1hu5l2z51w=' 'sha256-56CXUgyE97Bm15wxkFg/u7HHR9pupfaOj25TdTEK8yA=' 'sha256-56Ux7bFiXpH4XtpL15k9Of5FDzzkOYra0cF3NH7s8k4=' 'sha256-5eYmdqCJSnMZ/aXDNSem1quMRsnkvEL4+Lclc2WpLQI=' 'sha256-5gDeKRRZ4vkYvwggbTLECc7i9pWVCd/+4fxykEwVL2w=' 'sha256-5GnDO8X8Inw1+Ej4fABCWlgXoNI+hfoo/GjMuIotx3Q=' 'sha256-5SBKh3q+pv9Jzs9bxQHdnXuw8O6NjuwBsaR8OroEtg4=' 'sha256-5TpZpXD9hsbEjhafi1KUruffsV3oBGo/RgUnuBRLRAI=' 'sha256-5wo9JNeC/+soNUxw9CiYsUafAg8MbFt/EZtskAO3378=' 'sha256-5ysZtup1ih55oXnnYoHzgwwkCieNYompNnVZxk4RcuE=' 'sha256-66ZiCQjPDrLPLAfIX+vTAWVuNgf6/MMDfsYSvT7QFZ8=' 'sha256-6ekjLLN9GiVyJxti7hSYzOCtdmvL3pzy51hddIWm2gg=' 'sha256-6GOhlD09xcmDMdRax3O2/B/vPSqPL0hnKqTl/GtflFc=' 'sha256-6kkyEql6cKzvzqn3hn9IPGVR4G7jKF5AApDr/J8kLZ8=' 'sha256-6MLpciPOEg1XodRcYkP7jDSBFvC51xFynrW3zVmVnBg=' 'sha256-6pJ2mLlGH6QBkErSexjT+JWzwfw6mVhGdoXZayXxmm4=' 'sha256-6ZYZXX7poFQqpUWM6MTh4zUnmwT9bzAKBw6l6F9S3KI=' 'sha256-7/AKyjQpSron0bo1zN4rIuIdNMaYAnWBp/Wk++ejjWo=' 'sha256-70DxgspLo+4WBiMGh8fLee/EuR52Mf+mFuF7wkcEd/0=' 'sha256-74YWfZniazbIVJN5bBD7133cUs6F6vdgRWb4Rn2R7gQ=' 'sha256-7B1TmGkl5/hYTQllNaEfK9phrtJJiIM18/ya6eFWlz4=' 'sha256-7CDQbYWFEMMg+6xNQDppVKftczUdWsNDnrfioX5eilE=' 'sha256-7QjiizGaIV/0HdTo3IYJW3cdwZC5lF69KZWWFmTz8Gw=' 'sha256-7RDyEQuD/LRyy2r8RtuhO6r/p6BoK9dszpwkpJ+g7aA=' 'sha256-7Ws2AyKvujvLTdkLx1mS/2n34EPBt+tOJk9lSFhZ02M=' 'sha256-7xaQfYOwgeNWz5xCxFdCnEVObiOETV09edU+DRmycOo=' 'sha256-8GmX/g+pv+/EbX1se3TScQYOYZzIAbdG9jLT9ox4E+A=' 'sha256-8Mj6eJ7TC0F/pRw71gssBoqhZ7h603+Dz1ePVMiZHOk=' 'sha256-8q1yaHlKd1x5MntNJpoyH4Vrn/G01SoQLE5VrQaNpHw=' 'sha256-8qbnx0LVW4Qx9pQVdTsupFafvJM6SncoJsyu+QTDstg=' 'sha256-8QgN5s29wA/ElqEU7vn3Oot6i2iNO1MEsjGJWSjxzlE=' 'sha256-8WRtzpsc99nkxVQQC0pfuG4HxwaD/eVhKMysVw9qm1w=' 'sha256-8x+Aj47+tnp53m9FI1N4USwnaM4Kf2zf3G63XONs110=' 'sha256-92KMOxeEaOiw5bLcFW2JSJMgBKOeQP1PYAQ6oZKCQVY=' 'sha256-96RCCzZXKhrXdpnCPm93DWaQbBqlpduTFd7CfDzOApQ=' 'sha256-9nADRWkj75SV7TCTzgpfecx+q7n1oPBtATb/lWXd+ZI=' 'sha256-9NYKU9blHvF6Q2EXh27eT0Lh2JukZKKbm8nnKugo5CY=' 'sha256-9qc3iW6erOxLInNW1H87sIq+U+ezgjOPyzvTiZIUmfs=' 'sha256-A/e9xPiZYlIOUvUvlOui2BtfyQOgcJfF2ABAchH0lOw=' 'sha256-a0++YokD6sCIIfvpn/EoQSh3TO2+6g2ZBy9H2R3FSic=' 'sha256-a4NL5kGLz6tX+wpZlRbcGNIcDqHREEr43cBtNmOqgzs=' 'sha256-A4oYkWkk5OOMpWrbeXgJnX7tPcNqKCte0xCBzdXztp0=' 'sha256-A7VLt6r0mjGl5wS0IS7eJROuMA3KRtFM0BLQRymZInU=' 'sha256-Aah+iadlAektsVguUgFNksz8LbVrY9OPBbZQ4fpQWC0=' 'sha256-AdllBDJCKdHgNaNkq7mlc2r4SqqqFxf/tKrKuQra+Ag=' 'sha256-af4ISY3hSckBpxtjhCDFj2MUXE1Zsbl/N7OxAiRxXd0=' 'sha256-Ag/EpdjHifVW8NDXc08BTbLQgiyLX5Kc/6cerHy3RfU=' 'sha256-AKswrMHyjd0GSwoPT81/UUJaaYc9Y1jTorRYps5GsQc=' 'sha256-Aku/Vw4vcTa8nmSSjRiaZ5Lp5laYFbwxrYXqiPgglPw=' 'sha256-aNQBrfsKYjVqOaUZAw2WOonbtpgKkDqrM6PUDfCrzRY=' 'sha256-AP+a0kasEkMYwoDb5ppyO6e5nlHHnceuh4HURKixS+U=' 'sha256-ASUgchAHmVi9YVWOwBAz7ND8s4rzQG/074KpcMkE6Ag=' 'sha256-atL9QI9049OC4IlvC3jVQhI32As+V5X1i/GC3x2NZ60=' 'sha256-AWTU8/9G4PRR1KwMJNHlhf7RO7N0edyYHO0fYJdB7SA=' 'sha256-B/SI0B1uyel2TJdmLCwHPLFT8f0UzLV1DZmLtzGBKnI=' 'sha256-B+96hzpCyjBDhaFb+3GE93D+yjKfcAUkeU5lJFh4HPs=' 'sha256-b0RdMAy3PkEjHG/zBd+uJv7Jc7LvPk3NaAsCZGXFFFw=' 'sha256-B4TBmncg3KpHh71LPXAhAEyUahAH1pshAjJ6tLVUPvM=' 'sha256-B6oiZr/EEQbGOrXt0v6fPh2Kx2w49LuJc3oLE7+u2jE=' 'sha256-B6zC6RoGOd37rNG7ck2wtjsy5AMrRNNsbluJR33GbBY=' 'sha256-b7P4LtavG0PQOKhWhgiaNphAjpB9nRzqMS1KQmQZKag=' 'sha256-bBZ4gYHRhAntfGGEXYbbcKLJrhNU7Q530R1BjMKBYXk=' 'sha256-BcYXBub9i2KftjNRt9crlGBuLP/Pd+R/+r+4Vi4ooHE=' 'sha256-bg0sBtw40kCp9CVW/GcdW64lq3WsNaPqRamU/HpMz+c=' 'sha256-bhQ7TBCCA+0zvNLG3/iQEY5zY7vM7pvMIPW5vwa06WE=' 'sha256-bIfrz/xBrVkDfX7rA/yC0+RjD/5QuoJ07gF/YaWySZo=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-BmmM2n64mGOPeE6DwzbuXA9pWff2yQoD0vIKMTuwmnE=' 'sha256-bNOyQvihubQEhvmFv/Ak0kBzb0yZTdYOPQk6npShIDE=' 'sha256-BS1gO+xbJWuweJu31X6awN985qlEikZ7WBc4rPe0lC4=' 'sha256-BSQJBIHi8v3e1jUenW+OStiGd7iXE+z2IaYluk+SZXU=' 'sha256-Bv1iLj+Ogr5nJHAJetHqbwWT7F0qsXHLZ8jTZwk4mBQ=' 'sha256-C0t10Q7shbu5mepM9roWUOTli3+7jwP1tttUm0yKmSw=' 'sha256-C0XwLJuwUkW+X0QOr9+VW0zk85+lKe0qBdZsmk0XOgc=' 'sha256-c5lGxzpR592ODjm847Mzp23EdhR39+Cw5cncspWVbxI=' 'sha256-C9YqhDVeJxKXl8qAL02Kel+T1L1OeJYhkFNHT8nwPBI=' 'sha256-ccoGVG91H9EGYbiFnWCauZZFcl4LIqhMj+y0WRKRYVM=' 'sha256-cD9/5wHMZN04KEuS62Yb1XUQ7ShTtNTwwY8axfooAlw=' 'sha256-CDRyJ8jLgxmSN+73iMO+PyGFXc32eySWiEwSVB0w2FM=' 'sha256-CF8eGd7XU27bSnCTom7TJHG/vF1azgc15tT8aOvVdVM=' 'sha256-CGbq9R84bEY/aK3pcbjQ9s9oWdOGPbneA7PS+8aRijI=' 'sha256-cHVrdRHnkGPWXb4kVmY5/UN8e7jjGL4ze3V085bB9YU=' 'sha256-cLikivPqiqMM+pi+8KHvbUngCJm2+GxOUCgOvNXaKUk=' 'sha256-cpz32LoPng3Qwy7LrGl4RZLRIpo3Wj1yYAOMcAqtFbs=' 'sha256-CqABu4gmdGCek/leE0CpyQq7F7WkgU4p6HnRkUdDHBQ=' 'sha256-CrWx/Sji+T6g61w9M7VC1MjR+512lxnUXu5kLA8bee8=' 'sha256-CUZ/aLdkYTc8N18biC9XzPi8PSuOrimZFVC12nIkObA=' 'sha256-cv1ukpAk94t+mwbr5kr4wS7iH+ltnBD1MQvQGr13aws=' 'sha256-cWtuJjkhpvSGrKzPybvWldkxLLQ7EtuMzqZANpi0/nE=' 'sha256-cyuaTX0TDfjC51bJRykhWfkWGDTAtVwTyWBqnL5aB1w=' 'sha256-cZyDEQ35Evs8P0rAm0iJ2XA6VMR5hWRey6n+t4QxFbc=' 'sha256-d+wXDss9UBimsC1O+zMCSj8dySrPasmrFrLRv5nYlE8=' 'sha256-D6XfUKFrC7LQwQOzNoD+F5FhELBARIlNCrS07MBOnEY=' 'sha256-dj+4TxBdaQU/yBFGC16ZhTJ2vuaAYXncjq+H3DOYyDo=' 'sha256-dl5TBF5+S+1dX97WydPFnEo1TDjOYHYPfZAehwcBpbU=' 'sha256-DLkH4zGccGzNB08v0lcL5v1D5BG63+nDsCUTSoA1h/M=' 'sha256-DR041HzbQbgzGWAnnvgLFAZzb05bcil5chxLDI6RGG0=' 'sha256-DTMkEPvAbGVRVNkeJ0r9xmuQ+6zbLNeLKmANaCujWSc=' 'sha256-DvTfFSpi1JNiGjcP19W/unotRWoWHStiyOw2m/rr0SA=' 'sha256-dyaWqqRRpBnqE30N6Y/lvTW1ZWx2vSe2jbFbWVuY3Nk=' 'sha256-E/QDPAiJhTh/ziVvF/C7w5397ot+sQfv373VLI/SH70=' 'sha256-e/T91dEUTbtISAZJjYHVNzNA2NyNoin0Snv86jBYohA=' 'sha256-e0PHBTaG24cmXHMAmzwzaOFDE4Ez/IQZ5IJ7NzhXsi8=' 'sha256-e1yDa48X9KMWVNoY+KdMgVDBYsI+pduyEo6+LppZ/Yc=' 'sha256-E5a9RCasBDz9GYpAkFzwHP2ZjqmSEVyAN/SozU10pSU=' 'sha256-e752liEgk4tVvS9+nmTKaOsJgxD+MhHBJ3b/Gd2MMSA=' 'sha256-EBRHrxHmjD3OwHUClH1reBGXXFUohQldiQ65qcTDrR4=' 'sha256-edW+KixhylnxLGOJoo3iC5UsjEj4HijvIQvP3cgo7ig=' 'sha256-EjZ7PWpFf7orz6DIQoa7haWxyARXv0wWQxKtxiwnkBM=' 'sha256-elajVms1shLruT4vWCr5SXOhl6/MdemlNNRP1BEowZE=' 'sha256-ELjeQ4EZQeWnN+/xW3YdwyKFc5cjgwPToNqYsExtILE=' 'sha256-ElOJrP2dygyMuP8dm16ZZ/bDbzWqXk6f7Q2/KOeVUVU=' 'sha256-ENsBKp7hbsD8rN7pBYLSKb0VLDPWQLBz6DM0MFRXBAw=' 'sha256-ET63W6vR2UV1BMzBx1cLu4E7csjrv5+sJLwTKpO3qu0=' 'sha256-eXgREZid9Guss/2u/NOTorUDScRvd1XPKR6kblEFhcg=' 'sha256-Ez4e1VO2RDiMf+/LgN9MzJx7Ljap9USJk6PF0gvTuq0=' 'sha256-fdL0OIIvfhrg2HweuYMqqxSUz+HVtnfGUTLT8/ILjJY=' 'sha256-FEdJAmY7NgieOBchs0odbVe/ECBXLLGfWMLWAJ3KYAs=' 'sha256-Fi2WL7GhaB0pqIGjID1Mfvk3vA8HxvzXrn22SmjvQIg=' 'sha256-FouEDterC2OxdDBsivI84q2VEMqnYBPnDRFFTmY9ysc=' 'sha256-foZrVCOpqJaD6o2F2Mup73nNRUxjwzDK39da1hAhjJE=' 'sha256-Fs0fkfbnG6TT/G7L0HY9RDh/sr8tJwt4o1TScmlV2lo=' 'sha256-Fsvo8Rs0bQXB7qzV+rpk8weFn0w0YycCNEnZ9xm0MTQ=' 'sha256-fWaXAd2A8G13ea8IoaX3mahMGH8KRbbTgS/BebQXhLE=' 'sha256-fwJWBAnvWpbuiZ58r8AQhCp69kpBfU4LUx19o9Xog/I=' 'sha256-g+drOBPAY28Sg00hxBEsGhOyC0C5FGgXo2VUt+eKIYg=' 'sha256-g3h2wVQEJi/oILN8Sw7/a1J9l4do1gSvNtS37IIWZew=' 'sha256-g621kfRp79BlBb1xE02Q5AlnKJQ+91CxHy7+JW+/Im8=' 'sha256-gBbrLyFjsal29TG4zx9wOwYdIGfHOI9cEbmkdu0+9mU=' 'sha256-gCIgrgW/3FMq6exuG9WigvFUY9ddy/Q2qMvFql42gPY=' 'sha256-GCVhyjmY2VGv0ZnJTEyFhF2KFIPF8VwViygLABnzaZc=' 'sha256-giiTgRhKKo2vokihRQBkecRl2uRXDvWx91g5Tm4gc3I=' 'sha256-giSs6JQdtWJ5ouCGpByq0ZU59weaMYR75GjLLGsXT1U=' 'sha256-GmEsXU3LGlk1Hi0n7wHDy9u8i/pUrkQtL0wYscpElS0=' 'sha256-goENgEROKbHCnAnosOMITYWTw10k5t7Li/IKe7xvDvk=' 'sha256-GtG3h0zvL8PYG8lUvx8j/w5TXt7Rvx0Wrvges/d9Szw=' 'sha256-GW27+wwbIQqh4fptz/be6Q/VnPE6vlgqOX3K1kKm+G4=' 'sha256-GwaPDNFRw+bKiMNNBb6XxYaNLb6ynyXntoQBRvbD+yQ=' 'sha256-h/IJWAUZnewneg7NXLG9B7y3mY5zDeJV/yGXv7K35us=' 'sha256-H/TjRRfKNSFVvVtkA/neOfU3Mo6zbeyCOHiq7/I9/KY=' 'sha256-H6bwpFWXR/eShjuUwkxjkWoCS34Px4BluO4NVFDDK28=' 'sha256-hg4AF5qJ17PMmPWxZFUNPhnMGs/mfOKb6PiQS0pW/OE=' 'sha256-hGA/RLQMOVDQWE2Y9vceBQGKlXPTnt2VvcZJA3p/tCo=' 'sha256-HH4HlhI1ack0XMLq+TR6i+G+1QUihvABVXfE2aObsfc=' 'sha256-Hi+HNn6HXnsFI3tIihX8kPNObjhhQyz1pRhc02ZrJfA=' 'sha256-hJMJi1ILOoC1EhLZZN907W8m0tSU4ygoIIXv4iy9tMc=' 'sha256-hpVHwJeNdjG0ZG3pd+/ythaRdeOrWHUqwWcwNv8E6uI=' 'sha256-HXcdgrJ3YX5b68qv3M3ObwdY3KZo+Z3WWu35n8+1d6g=' 'sha256-i+f6qREO4kzn12ZeoUBVNlQIysgNVPOrQTQLaAvRU+4=' 'sha256-i1gOGZ9oXesswM3cD9dNZ13kc6iFTI8xiX90z5t+vU4=' 'sha256-I7YUHCe5R8CZRFraMdDpfS4NTwYu9IoaeSN0HqpnIms=' 'sha256-ibUyRmpvXuFSjG7EjQD1XvPCJGfOnq63eUCvVF9j/6I=' 'sha256-IDMiY5Fpltjj2kXLp2Q4luYLF7MdeDcZEYGIDkJdAJI=' 'sha256-IGOd2DO6YsCzC4x57iJqS30m0ZO92QRNSeSs62jsIsk=' 'sha256-IGVpPNdIkC0DrzDYtoh/2GScfJiyJGGN0i99DylnGuo=' 'sha256-IHyGLTQ/dVsfhX3/kYWpCxr+deJRe6bBA8FQbYBFyOk=' 'sha256-ikAKD4CjV+RiHjGO8qFN3TytAxIX/kEFfgf5lHlWv0k=' 'sha256-ikMqALjcGvC21dtYtrFTsMBgYn7tOViHFYMwzGgWQJA=' 'sha256-IleF/F3+cFspJw0BnEro4SSyt9HRXS6HyB+ajG6w/hQ=' 'sha256-Im2guEGtXiam/wW92kt3ROF9StdG1I1SVz5e7R88TH0=' 'sha256-IoWaxw4014zIowBcHjZDDx3pGcKQLCtE3UMXRWAO4PA=' 'sha256-IqI2zhhLITHJlW4/Ds36fYdGBfB2Gfge8RGHRnGMQm4=' 'sha256-ItHHIZOsKtaaKxFyBiv5s+PvgRpOJxS45xIjPK/iFMk=' 'sha256-iv2d0NJxZUrFc+lLJEOy/0vbEKQmxAZ9NCi+fb9kFRQ=' 'sha256-iwaegij2hYoU7cs1U/g7cPPSgHxCm0DaBFBtu+XTx00=' 'sha256-IYXWRw1LDXAka3xr1ZQKvnmFadLss49Y1YSCokGq7zQ=' 'sha256-j/fMA9w8D77bX+H54eX+OxVbthSscya2VkfT6h8/1cA=' 'sha256-JA5citsUIbF87seGSsdyjQl09tX6uzdRCrT4zriYZ8g=' 'sha256-jhBbv6wYwJCvGg1qQlUkffyiS7WQhN/nO3PoIPnIHQY=' 'sha256-jHFR+V3mwWKkF1/8mnIAQXZ/096TsNnZDCFjO0lbvr8=' 'sha256-JInVEUNjciAUDK+R3KRRDlOHoEE8VznBaV1wKiL5Dqc=' 'sha256-D/tTtyTV7U+yqkFdOF3n25NeFVhBCma/syyHAd84lvs=' 'sha256-PKOJuCniQoh5C53Gajyl1PAZ0w8oSZsXO0CH9aGlDFo=' 'sha256-y0+M4CeMdjOWl5xiWw2Zhq2i1b00H8SwMAk8O047Xp8=' fast.wistia.com tagmanager.google.com fonts.googleapis.com cdnjs.cloudflare.com/ ; frame-src *.doubleclick.net *.storylane.io www.prismhrlive.com *.youtube.com bid.g.doubleclick.net *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com fast.wistia.com fast.wistia.net vars.hotjar.com www.facebook.com player.vimeo.com *.google.com; child-src app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; img-src 'self' *.demdex.net *.crwdcntrl.net *.openx.net *.doubleclick.net *.sitescout.com *.rlcdn.com *.agkn.com *.clickagy.com cdn-cookieyes.com c.clarity.ms/c.gif px.ads.linkedin.com/ bat.bing.com/ p.adsymptotic.com www.facebook.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net www.google.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.hubspot.com cdn2.hubspot.net forms.hsforms.com *.facebook.com *.wpengine.com; font-src 'self' *.wistia.com fonts.gstatic.com cdnjs.cloudflare.com; connect-src 'self' *.google.com wss://*.hotjar.com *.clickagy.com *.oribi.io *.hotjar.com *.zoominfo.com log.cookieyes.com cdn-cookieyes.com events.bizzabo.com *.google-analytics.com *.hubspot.com stats.g.doubleclick.net/ api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com *.litix.io *.wistia.com yoast.com my.wpengine.com embedwistia-a.akamaihd.net; form-action 'self' forms.hsforms.com forms.hubspot.com www.facebook.com; media-src 'self' *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; worker-src 'self'; frame-ancestors 'self'; 3 img-src https://shopping.com https://*.shopping.com https://*.paypal.com https://*.ebayimg.com https://*.cnnx.io https://*.ebayadservices.com https://www.paypalobjects.com https://img.fruugo.com https://hst.tradedoubler.com data:; report-uri https://monitor.ebay.com/csp-report/shoppingdotcom 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.kwai-pro.com http://*.kwai-pro.com http://*.kwai.net https://*.kwai.net *.kwai.com *.snackvideo.in *.kwai.me *.kwai.app *.kwimgs.com *.yximgs.com *.cloudfront.net *.kuaishou.com https://*.gifshow.com http://*.gifshow.com https://log-sdk.ksapisrv.com https://www.googletagmanager.com https://gifshow-static.download.ks-cdn.com https://static3.avast.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://connect.facebook.net www.google-analytics.com hm.baidu.com m.snackvideo.com http://*.ap4r.com https://*.ap4r.com https://*.typekit.net http://*.typekit.net ak-sgp-pic.snackvideo.in tx-sgp-pic.snackvideo.in ws-sgp-pic.snackvideo.in g-us-kampic.golden49.net g-us-kamcdn.golden49.net m.kwai.com sentry.kuaishou.com asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;report-uri https://csplog.kwai-pro.com/log/kwai/wwwkwai 3 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline'; frame-ancestors 'self'; img-src https: data: ; object-src 'none' ; report-uri https://sentry.uniregistry.com/api/18/security/?sentry_key=f430f663325b402bbc96cb5da277ab92 ; 3 "default-src data: blob: 'unsafe-eval' 'unsafe-inline' https: 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com *.bazaarvoice.com bat.bing.com cdn.attn.tv *.optimizely.com cdn.polyfill.io cdn1.affirm.com connect.facebook.net *.allposters.com *.doubleclick.net js.intercomcdn.com pixel.mathtag.com s.pinimg.com static.klaviyo.com tag.rmp.rakuten.com tags.bkrtx.com *.intercom.io *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com code.jquery.com *.intercom.io *.artprintimages.com *.affirm.com *.allpostersimages.com; object-src 'none'; base-uri 'self'; report-uri https://csp.prod.walmart.com/c/r/artal;" 3 default-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.kwaixiaodian.com https://*.kwaixiaodian.com http://*.gifshow.com https://*.gifshow.com http://*.kwaishop.com https://*.kwaishaop.com http://*.kuaishou.com https://*.kuaishou.com http://*.kuaishoupay.com https://*.kuaishoupay.com http://*.ksapisrv.com https://*.ksapisrv.com http://*.yximgs.com https://*.yximgs.com http://*.kwimgs.com https://*.kwimgs.com http://*.eckwai.com https://*.eckwai.com http://hm.baidu.com https://hm.baidu.com http://www.gstatic.com https://www.gstatic.com http://fonts.gstatic.com https://fonts.gstatic.com https://t.captcha.qq.com http://t.captcha.qq.com data: android-webview-video-poster: blob:;font-src 'self' http://*.kwaixiaodian.com https://*.kwaixiaodian.com http://*.gifshow.com https://*.gifshow.com http://*.kuaishou.com https://*.kuaishou.com http://*.yximgs.com https://*.yximgs.com http://fonts.gstatic.com https://fonts.gstatic.com http://at.alicdn.com https://at.alicdn.com http://cdn.bootcdn.net https://cdn.bootcdn.net data:;script-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.kwaixiaodian.com https://*.kwaixiaodian.com http://*.gifshow.com https://*.gifshow.com http://*.kuaishou.com https://*.kuaishou.com http://*.yximgs.com https://*.yximgs.com http://*.kwimgs.com https://*.kwimgs.com http://*.eckwai.com https://*.eckwai.com http://hm.baidu.com https://hm.baidu.com https://captcha.gtimg.com http://captcha.gtimg.com blob:;form-action 'self' http://*.ksapisrv.com https://*.ksapisrv.com;frame-ancestors 'self' http://*.kwaixiaodian.com https://*.kwaixiaodian.com http://*.kuaishou.com https://*.kuaishou.com;report-uri https://csplog.kuaishou.com/log/kwaishop/wwwkwaixiaodian 3 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 3 default-src data: https: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; img-src data: *; script-src 'unsafe-inline' 'unsafe-hashes' *; style-src 'unsafe-inline' 'unsafe-hashes' *; connect-src *; child-src *; font-src *; report-uri /_csp; report-to default 3 upgrade-insecure-requests; base-uri 'self'; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' https://fonts.googleapis.com https://sdk.primer.io https://a.loveholidays.com; report-uri /csp-report/ 3 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 3 default-src 'self' https://*.ebizautos.com; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.wistia.com *.wistia.net *.listenloop.com *.company-target.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com *.doubleclick.net *.driftt.com *.techtarget.com *.driftqa.com *.pingdom.net *.swiftypecdn.com *.swiftype.com *.abtasty.com *.cookielaw.org *.hotjar.com *.hotjar.io *.nr-data.net *.marketo.com *.twitter.com *.soundcloud.com *.youtube.com *.akamaihd.net *.bing.com *.clarity.ms app.hushly.com hubfront.hushly.com cdn.bizible.com; font-src * data:; frame-src 'self' static.addtoany.com; img-src * data:; media-src * blob:; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com cdn.bizible.com *.googleadservices.com *.twitter.com *.ads-twitter.com *.licdn.com *.engagio.com *.listenloop.com *.demandbase.com *.driftt.com *.facebook.net *.adroll.com *.adroll.mgr.consensu.org *.newrelic.com *.hotjar.com googleads.g.doubleclick.net https://dn1f1hmdujj40.cloudfront.net *.swiftypecdn.com geoip-js.com *.pingdom.net *.abtasty.com *.techtarget.com *.cookielaw.org *.nr-data.net *.marketo.com *.marketo.net *.twimg.com app.hushly.com hubfront.hushly.com *.jquery.com *.onetrust.com *.maxmind.com s3.amazonaws.com *.bugsnag.com *.wistia.net *.bing.com *.clarity.ms www.forgerock.com http://www.forgerock.com blob: https://fast.wistia.com https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' *.forgerock.com *.googleapis.com *.cloudflare.com *.swiftypecdn.com *.driftt.com *.marketo.com *.wistia.com *.wistia.net *.twitter.com *.twimg.com app.hushly.com hubfront.hushly.com; report-uri https://forgerock.report-uri.com/r/t/csp/reportOnly 3 font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com *.hotjar.com x.klarnacdn.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com js.stripe.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com insight.adsrvr.org match.adsrvr.org www.affirm.com sandbox.affirm.com bugcrowd.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com script.google.com *.hotjar.com *.iterable.com *.klarnaservices.com *.online-metrix.net privacyportal-cdn.onetrust.com imgs.signifyd.com *.vimeo.com vimeo.com record.webeyez.com d.emails.wahoofitness.com wahoofitness.yonyx.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://helloextend-static-assets.s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.adnxs.com public.adobecc.com data.adxcel-ec2.com insight.adsrvr.org match.adsrvr.org *.affirm.com *.amazonaws.com *.atdmt.com *.bing.com *.bazaarvoice.com *.clarity.ms dis.criteo.com gum.criteo.com *.ctnsnet.com ad.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net cdn.dynamicyield.com www.facebook.com *.google.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.iterable.com kcc0.com *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io www.lightboxcdn.com simage2.pubmatic.com alb.reddit.com imgs.signifyd.com t.co tk0x1.com *.wahoofitness.com ads.yahoo.com *.analytics.yahoo.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.stripe.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.helloextend.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.adnxs.com js.adsrvr.org lightboxapi.azurewebsites.net bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com bugcrowd.com assets.bugcrowdusercontent.com *.affirm.com *.clarity.ms static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.fontawesome.com *.google.com googleads.g.doubleclick.net www.gstatic.com *.hotjar.com *.iterable.com *.ktxlytics.io www.lightboxcdn.com cdn.livesession.io i.loopme.me js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com oc-library.klarnaservices.com oc-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv cdn.segment.com imgs.signifyd.com static.ads-twitter.com analytics.twitter.com d.emails.wahoofitness.com record.webeyez.com sec.webeyez.com resources.xg4ken.com *.yotpo.com www.youtube.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com https://fonts.googleapis.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com *.hotjar.com www.lightboxcdn.com x.klarnacdn.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.bazaarvoice.com data: mpsnare.iesnare.com www.wahoofitness.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://*.helloextend.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.affirm.com bam-cell.nr-data.net *.bing.com *.clarity.ms cdn.cookielaw.org track.cordial.io script.crazyegg.com i.ctnsnet.com stats.g.doubleclick.net *.dynamicyield.com www.facebook.com analytics.google.com *.hotjar.com mpsnare.iesnare.com *.iterable.com wss: gdpr.loopme.com i.loopme.me *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io rs.livesession.io bam.nr-data.net *.onetrust.com insight.reflow.tv api.segment.io cdn.segment.com imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 bt.signifyd.com:11103 d.emails.wahoofitness.com vimeo.com record.webeyez.com send.webeyez.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b73c76520e1c6fd88a089eacc1b590fe.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 3 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://s.go-mpulse.net cdnjs.cloudflare.com https://cdn.siteimprove.net; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://s.go-mpulse.net cdnjs.cloudflare.com https://cdn.siteimprove.net; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/report-uri/reportOnly 3 default-src https:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://www.preloved.co.uk/t/csp-report; 3 worker-src blob: https:; default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; script-src-elem https: 'unsafe-inline' 'report-sample'; font-src data: https:; connect-src https: wss:; frame-src data: https:; img-src * 'self' data:; report-uri https://infakt.report-uri.com/r/d/csp/reportOnly 3 font-src *.yotpo.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.klarna.com *.mention-me.com *.yotpo.com *.bounceexchange.com *.ada.support *.google.com *.google.com.mt *.google.co.uk *.google.fr *.google.it *.trustpilot.com *.facebook.com *.bulk.com *.studentbeans.com *.doubleclick.net *.zenaps.com *.criteo.net *.criteo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.yotpo.com bulk.com *.bulk.com *.google.com *.google.com.mt *.google.co.uk *.google.fr *.google.it *.google.co.in *.facebook.com *.facebook.net *.bouncex.net *.bounceexchange.com *.monetate.net bulkpowders.co.uk *.gstatic.com *.postcodeanywhere.co.uk *.zenaps.com *.awin1.com *.atdmt.com *.doubleclick.net *.cooladata.com *.bing.com *.quantserve.com t.co *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.klarnacdn.net *.klarnaservices.com *.mention-me.com *.yotpo.com *.monetate.net *.dwin1.com *.facebook.net *.bounceexchange.com *.jetlore.com *.ada.support *.scarabsearch.com *.scarabresearch.com *.g.doubleclick.net *.trustpilot.com *.queue-it.net *.gstatic.com *.newrelic.com *.nr-data.net *.google.com *.pcapredict.com *.postcodeanywhere.co.uk *.co-buying.com *.studentbeans.com *.zenaps.com *.sciencebehindecommerce.com *.criteo.net *.criteo.com *.cooladata.com *.zendesk.com *.zdassets.com *.bing.com *.quantserve.com *.quantcount.com *.twitter.com js.klevu.com *.ksearchnet.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.yotpo.com *.googleapis.com *.typekit.net *.bounceexchange.com *.postcodeanywhere.co.uk *.klarnacdn.net *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src *.bulk.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.klarnaevt.com *.mention-me.com *.yotpo.com *.ada.support *.google-analytics.com *.g.doubleclick.net *.scarabresearch.com *.logs.datadoghq.com *.bouncex.net *.nr-data.net *.postcodeanywhere.co.uk *.bulk.com *.sciencebehindecommerce.com *.zdassets.com *.zendesk.com *.klarnaservices.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 report-uri /api/csp-report/ 3 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.dow.com dow.6connex.com *.tt.omtrdc.net; report-uri /cxsite/csp-report/csp-report.html 3 default-src https: 'unsafe-inline' 3 default-src 'none'; connect-src 'self' https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://ka-p.fontawesome.com https://maps.googleapis.com https://notifier-configs.airbrake.io https://s.yimg.com https://stats.g.doubleclick.net wss://*.hotjar.com https://www.facebook.com/tr; font-src 'self' https://*.fontawesome.com https://fonts.gstatic.com https://*.hotjar.com; frame-src https://*.hotjar.com https://9860174.fls.doubleclick.net https://go.adflegal.org https://insight.adsrvr.org https://www.facebook.com https://www.google.com https://www.youtube.com; img-src 'self' https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://9860174.fls.doubleclick.net https://ad.doubleclick.net https://analytics.sleeknote.com https://img.youtube.com https://maps.gstatic.com https://pixel.quantserve.com https://sp.analytics.yahoo.com https://www.facebook.com; script-src 'self' https://*.hotjar.com https://connect.facebook.net https://www.gstatic.com cdn.jsdelivr.net https://apis.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://embed.idonate.com https://js.hsforms.net https://kit.fontawesome.com https://maps.googleapis.com https://sleeknotecustomerscripts.sleeknote.com https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googleoptimize.com mdbootstrap.com 'unsafe-inline'; script-src-elem 'self' https://connect.facebook.net https://googleads.g.doubleclick.net https://js.adsrvr.org https://rules.quantcount.com https://s.yimg.com https://secure.quantserve.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com cdn.jsdelivr.net https://apis.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://embed.idonate.com https://js.hsforms.net https://kit.fontawesome.com https://maps.googleapis.com https://sleeknotecustomerscripts.sleeknote.com https://unpkg.com https://www.google.com https://www.googleoptimize.com mdbootstrap.com; style-src 'self' https://*.hotjar.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com mdbootstrap.com use.fontawesome.com; style-src-elem 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com mdbootstrap.com use.fontawesome.com; form-action 'self' https://connect.facebook.net https://www.facebook.com/tr/; frame-ancestors 'none'; report-uri https://adflegal.report-uri.com/r/d/csp/wizard; block-all-mixed-content 3 default-src 'self' affil.eshop-rychle.cz exponea-api.eshop-rychle.cz www.youtube.com www.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net; font-src 'self' fonts.gstatic.com; img-src 'self' www.facebook.com www.google.com www.google.cz *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net c.seznam.cz www.seznam.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' affil.eshop-rychle.cz connect.facebook.net www.google.com *.google-analytics.com *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com c.imedia.cz www.seznam.cz exponea-api.eshop-rychle.cz; style-src 'self' 'unsafe-inline' fonts.googleapis.com 3 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: *.gstatic.com *.googleapis.com *.klarnacdn.net *.worldpay.com *.cnetcontent.com *.1worldsync.com static.criteo.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.bazaarvoice.com www.facebook.com https://secure-test.worldpay.com/shopper/3ds/ddc.html *.nosto.com *.nos.to api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.bazaarvoice.com *.worldpay.com *.nosto.com *.ometria.com *.sitescout.com *.doubleclick.net *.pixel.ad *.veinteractive.com www.facebook.com *.zenaps.com campaign.odicci.com g3d-app.com services.sdiapi.com *.addthis.com *.addtoany.com *.twitter.com *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.commbox.io *.klarnaservices.com *.klarna.com *.google.com *.hotjar.com *.hotjar.io *.lightwidget.com www.paypalobjects.com ometria.email https://pay.google.com https://secure-test.worldpay.com *.nos.to display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.criteo.com *.criteo.net *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.bazaarvoice.com *.nosto.com apps.bumpyardpro.com images.unsplash.com source.unsplash.com *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.brsrvr.com cm.everesttech.net *.behance.net www.googletagmanager.com *.ometria.com *.gstatic.com *.googleapis.com *.awin1.com *.zenaps.com *.doubleclick.net *.sitescout.com *.google.com *.pixel.ad assets.robertdyas-static.co.uk www.google.com.ua www.google.com.uk www.facebook.com robertdyasuk.twgdns.com *.klarnacdn.net *.clarity.ms *.bing.com *.assets-servd.host *.contentsquare.net apps.commbox.io *.amazonaws.com *.twimg.com *.twitter.com *.cnetcontent.com *.1worldsync.com g3d-app.com *.cloudfront.net *.ediemidnightzombies.com *.cloudflare.com *.nos.to display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.google.co.uk *.superpointlesshamsters.com *.criteo.com *.criteo.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.bazaarvoice.com *.iesnare.com *.nosto.com apps.bumpyardpro.com *.brsrvr.com www.google.com *.cnetcontent.com *.worldpay.com *.ometria.com *.gstatic.com *.googleapis.com *.serving-sys.com *.doubleclick.net *.flx1.com *.veinteractive.com *.dwin1.com *.criteo.com static.cloudflareinsights.com *.criteo.net snap.licdn.com g3d-app.com *.klarnacdn.net *.klarnaservices.com *.facebook.net *.sdiapi.com *.googleoptimize.com *.newrelic.com *.taggstar.com *.commbox.io *.clarity.ms *.bing.com *.hotjar.com bam-cell.nr-data.net cdn.cookielaw.org *.contentsquare.net *.addthis.com *.addtoany.com *.addthisedge.com *.twitter.com *.twimg.com *.google.com *.1worldsync.com *.lightwidget.com *.youtube.com *.ediemidnightzombies.com smct.co https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.nos.to apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.moatads.com *.nr-data.net *.superpointlesshamsters.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.fontawesome.com *.bazaarvoice.com *.cnetcontent.com apps.bumpyardpro.com *.googleapis.com cdn.taggstar.com cdn.cookielaw.org *.klarnacdn.net *.commbox.io *.worldpay.com *.twitter.com *.google.com *.1worldsync.com *.cloudflare.com *.nosto.com *.nos.to display.ugc.bazaarvoice.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com apps.bumpyardpro.com apps.commbox.io *.cnetcontent.com *.1worldsync.com static.criteo.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.adobe.io performance.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.bazaarvoice.com *.nosto.com *.dxpapi.com api.edq.com *.ometria.com *.demdex.net *.serving-sys.com *.veinteractive.com *.sdiapi.com rum-collector-2.pingdom.net bam-cell.nr-data.net api.taggstar.com *.sciencebehindecommerce.com *.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.clarity.ms *.worldpay.com pay.google.com *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io cdn.cookielaw.org *.contentsquare.net *.onetrust.com *.cloudhub.io *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.1worldsync.com *.cnetcontent.com *.addthis.com *.doubleclick.net *.ediemidnightzombies.com *.nos.to api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google.com.ua bat.bing.com *.taggstar.com *.google.co.uk *.nr-data.net *.superpointlesshamsters.com *.criteo.com *.criteo.net 'self' 'unsafe-inline'; child-src *.criteo.com *.criteo.net http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 child-src 'self' blob:; connect-src 'self' script.crazyegg.com tracking.crazyegg.com www.google-analytics.com maps.googleapis.com stats.addtoany.com pagestates-tracking.crazyegg.com/healthcheck assets-tracking.crazyegg.com/healthcheck; default-src 'self'; font-src 'self' data: fonts.gstatic.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; frame-ancestors 'self'; frame-src 'self' lpcdn.lpsnmedia.net va.idp.liveperson.net static.addtoany.com share.transistor.fm www.onlinebanktours.com player.vimeo.com fintactix.com bancorpsouth.custhelp.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net insight.adsrvr.org match.adsrvr.org; img-src 'self' data: d21y75miwcfqoq.cloudfront.net cadcdnuat01.azureedge.net cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net maps.gstatic.com maps.googleapis.com i.vimeocdn.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net https://www.facebook.com/tr/; media-src 'self' cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com script.crazyegg.com lptag.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net va.v.liveperson.net cadcdnuat01.azureedge.net cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net static.cloudflareinsights.com maps.googleapis.com static.addtoany.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net js.adsrvr.org/up_loader.1.1.0.js connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; 3 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.wmxtools.com https://form-db.wmxtools.com https://play.vidyard.com https://static.hotjar.com https://script.hotjar.com https://www.googleoptimize.com https://*.wistia.com https://*.wistia.net https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://player.vimeo.com https://www.vimeo.com https://f.vimeocdn.com https://bat.bing.com https://r.bing.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://js-agent.newrelic.com https://*.nr-data.net https://pi.pardot.com https://*.ep-mimecast.ads-twitter.com https://analytics.twitter.com https://static.ads-twitter.com https://t.co https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://maps.googleapis.com https://maps.google.com https://ajax.googleapis.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js-na1.hs-scripts.com https://forms.hsforms.com https://www.clarity.ms https://www.youtube.com https://m.youtube.com https://use.fontawesome.com https://kit.fontawesome.com fonts.googleapis.com https://use.typekit.net https://cdnjs.cloudflare.com https://tracking.g2crowd.com *.omappapi.com a.optnmnstr.com static.addtoany.com unpkg.com cdn.calltrk.com js.calltrk.com; style-src 'self' 'unsafe-inline' blob: code.jquery.com fast.wistia.com *.bing.com www.googletagmanager.com tagmanager.google.com *.licdn.com *.omappapi.com platform.twitter.com *.google.com ajax.googleapis.com *.fontawesome.com *.typekit.net; object-src embedwistia-a.akamaihd.net *.googlesyndication.com; frame-src 'self' play.vidyard.com vars.hotjar.com *.wistia.com *.wistia.net *.vimeo.com vimeo.com sdx.microsoft.com *.facebook.com connect.facebook.net www.googletagmanager.com www.linkedin.com go.pardot.com *.twitter.com twitter.com *.google.com *.doubleclick.net *.googlesyndication.com maps.google.com maps.googleapis.com *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com *.youtube.com www.youtube-nocookie.com cdnjs.cloudflare.com; frame-ancestors 'self' pi.pardot.com t.co twitter.com; child-src blob: *.vimeo.com vimeo.com *.facebook.com connect.facebook.net www.googletagmanager.com platform.twitter.com *.google.com *.doubleclick.net *.googlesyndication.com app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.youtube.com; img-src * 'self' data: script.hotjar.com embedwistia-a.akamaihd.net *.wistia.com *.wistia.net blob: www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com *.vimeocdn.com *.vimeo.com *.bing.com *.microsoft.com *.facebook.com *.facebook.net *.fbcdn.net www.googletagmanager.com *.linkedin.com *.licdn.com p.adsymptotic.com *.nr-data.net t.co *.twitter.com twitter.com *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com ajax.googleapis.com *.hubspot.com cdn2.hubspot.net forms.hsforms.com *.clarity.ms *.ytimg.com *.youtube.com fonts.gstatic.com *.typekit.net; font-src 'self' data: *.omappapi.com script.hotjar.com *.wistia.com *.fontawesome.com fonts.gstatic.com fonts.googleapis.com use.typekit.net; base-uri 'self' ; connect-src 'self' data: *.omappapi.com api.omappapi.com api.opmnstr.com unpkg.com js.calltrk.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.wistia.com embedwistia-a.akamaihd.net www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: vimeo.com *.bing.com wss://*.bing.com *.facebook.com connect.facebook.net www.googletagmanager.com *.linkedin.com *.licdn.com *.nr-data.net t.co *.twitter.com twitter.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com maps.googleapis.com maps.google.com ajax.googleapis.com *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com *.clarity.ms *.fontawesome.com fonts.googleapis.com fonts.gstatic.com use.typekit.net performance.typekit.net; media-src data: blob: embedwistia-a.akamaihd.net *.wistia.net *.wistia.com *.vimeo.com vimeo.com media.licdn.com dai.google.com; prefetch-src *.googlesyndication.com; worker-src blob: www.google.com; form-action 'self' 'unsafe-eval' *.facebook.com connect.facebook.net *.twitter.com *.google.com forms.hsforms.com forms.hubspot.com; report-uri https://wmxzelis.report-uri.com/r/d/csp/wizard 3 default-src *; script-src *; script-src-elem *; script-src-attr *; style-src *; style-src-elem *; style-src-attr *; img-src *; font-src *; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action *; upgrade-insecure-requests; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups allow-pointer-lock; base-uri *; manifest-src *; report-uri https://revalize.report-uri.com/r/t/csp/reportOnly; report-to Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://revalize.report-uri.com/a/t/g"}],"include_subdomains":true} 3 script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.moatads.com https://*.addthis.com https://*.doubleclick.net https://*.addthisedge.com https://*.newrelic.com https://*.nr-data.net https://*.googlevideo.com https://*.arcgis.com https://*.gov.uk https://*.facebook.com; frame-src 'self' https://*.addthis.com https://*.youtube.com https://www.googletagmanager.com https://*.arcgis.com; report-uri https://snhwebsite.report-uri.com/r/d/csp/reportOnly 3 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' www.googletagmanager.com unpkg.com commerce.adobedtm.com static.zdassets.com photorankstatics-a.akamaihd.net www.mczbf.com api.us1.exponea.com www.datadoghq-browser-agent.com www.googleadservices.com www.google-analytics.com bat.bing.com connect.facebook.net static.hotjar.com googleads.g.doubleclick.net script.hotjar.com assets.adobedtm.com web-sdk.aptrinsic.com webscaleprod.circalighting.com circalighting.com www.circalighting.com www.google.com bam.nr-data.net www.gstatic.com maps.googleapis.com affirm.com newrelic.com *.pinimg.com *.clarity.ms *.zopim.com *.affirm.com snap.licdn.com *.circalighting.com cdn.brcdn.com *.newrelic.com *.visualcomfort.com visualcomfort.com www.visualcomfort.com a.visualcomfort.com; worker-src blob:; report-uri /.webscale/csp-report 3 default-src * https: data: blob: 'unsafe-inline' 'unsafe-hashes'; 3 default-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com; font-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com data: *.olark.com fonts.gstatic.com; script-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com ajax.cloudflare.com *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net analytics.tiktok.com www.recaptcha.net recaptcha.net www.gstatic.com www.gstatic.cn www.google.com *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com analytics.google.com google-analytics.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com; style-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com *.googletagmanager.com tagmanager.google.com *.google.com fonts.googleapis.com; img-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' data: secure.gravatar.com *.ytimg.com *.youtube.com *.getclicky.com *.twitter.com t.co *.facebook.com www.gstatic.com/recaptcha *.olark.com *.adroll.com d.adroll.com *.googletagmanager.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.gstatic.com *.google.com *.doubleclick.net *.g.doubleclick.net *.googlesyndication.com www.googleadservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.olark.com; connect-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com cloudflareinsights.com *.datadoghq.com *.getclicky.com *.facebook.com analytics.tiktok.com *.olark.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com; frame-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.apple.com open.spotify.com *.soundcloud.com *.youtube.com *.youtube-nocookie.com www.facebook.com *.recaptcha.net recaptcha.net www.google.com recaptcha.google.com *.olark.com *.googletagmanager.com bid.g.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com; child-src *.youtube.com *.youtube-nocookie.com *.googletagmanager.com; worker-src www.recaptcha.net; object-src *.googlesyndication.com; 3 font-src *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-report.ctidigital.com/report; report-to report-endpoint; 3 font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com data: *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com *.gstatic.com cdn.jst.ai ajax.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com *.demdex.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.vimeo.com *.hotjar.com *.doubleclick.net cdn.jst.ai *.paymetric.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io *.demdex.net maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://a.klaviyo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com via.placeholder.com *.cdninstagram.com *.klaviyo.com *.google.com *.facebook.com *.fls.doubleclick.net *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.gstatic.com *.google.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io * geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.airbud.io demo.airbud.io ajax.googleapis.com *.klaviyo.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com *.typekit.net *.hotjar.com *.jst.ai *.kmail-lists.com *.youtube.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net cdn.dnky.co webchat.dotdigital.com unsafe-inline api.airbud.io demo.airbud.io *.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.klaviyo.com prod.airbud.io bam.nr-data.net *.google-analytics.com *.doubleclick.net *.kmail-lists.com *.youtube.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.fandom.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 3 base-uri 'self'; default-src 'self' https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com stats.g.doubleclick.com https://*.searchiq.co *.searchiq.co https://*.gstatic.com *.gstatic.com https://*.googleapis.com *.googleapis.com https://*.addthis.com *.addthis.com https://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org *.cookielaw.org https://*.cloudapi.de *.cloudapi.de https://*.onetrust.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; child-src; connect-src 'self' https://cdn.cookielaw.org cdn.cookielaw.org https://privacyportal-eu.onetrust.com privacyportal-eu.onetrust.com https://m.addthis.com m.addthis.com; font-src 'self' https://privacyportal-eu-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://tools.eurolandir.com tools.eurolandir.com https://*.instagram.com *.instagram.com https://*.searchiq.co *.searchiq.co https://*.youtube.com *.youtube.com https://*.addthis.com *.addthis.com https://*.hypemarks.com *.hypemarks.com; img-src 'self' https://*.searchiq.co *.searchiq.co https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com stats.g.doubleclick.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://*.google.com *.google.com https://*.google.co.uk *.google.co.uk https://*.cookielaw.org *.cookielaw.org https://px.ads.linkedin.com px.ads.linkedin.com https://*.linkedin.com *.linkedin.com https://*.facebook.com *.facebook.com blob: data:; media-src https://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.instagram.com *.instagram.com https://*.licdn.com *.licdn.com https://*.googleapis.com *.googleapis.com https://*.searchiq.co *.searchiq.co https://*.youtube.com *.youtube.com https://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com *.analytics.google.com https://*.addthis.com *.addthis.com https://*.addthisedge.com *.addthisedge.com https://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org *.cookielaw.org https://*.hypemarks.com *.hypemarks.com https://*.moatads.com *.moatads.com https://*.cloudapi.de *.cloudapi.de https://*.onetrust.com *.onetrust.com https://connect.facebook.net connect.facebook.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.amazonaws.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com *.facebook.com *.facebook.net static.xx.fbcdn.net *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net www.careopinion.org.uk static.addtoany.com *.wp.com www.patientopinion.org.uk hcaptcha.com *.hcaptcha.com assets.nhs.uk www.travelinescotland.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 3 report-uri https://o818257.ingest.sentry.io/api/5807773/security/?sentry_key=ed7ad4e8f86243c78f3011320dce22fe 3 script-src 'self' 3 default-src 'self' data: blob: *.visiondirect.co.uk https://*.visiondirect.info https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.cloudfront.net https://*.salesforce.com https://*.klarnaevt.com https://*.klarnacdn.net https://*.klarna.com https://widget.trustpilot.com https://*.optimizely.com https://*.dycdn.net https://*.facebook.net https://static.zdassets.com https://www.zenaps.com https://*.contentsquare.net https://*.google.co.uk wss://*.freshrelevance.com https://*.freshrelevance.com https://*.doubleclick.net https://*.facebook.com https://*.tiktok.com https://bat.bing.com https://*.wistia.com https://*.litix.io https://*.awin1.com https://*.akamaihd.net;script-src 'unsafe-inline' 'unsafe-eval' blob: *;style-src 'unsafe-inline' *;font-src * data:;worker-src 'self' data: blob:;frame-src 'self' https://*.google.com https://*.youtube.com https://*.facebook.com https://*.optimizely.com https://*.salesforce.com https://*.klarna.com https://*.trustpilot.com https://*.davidclulow.com https://analytics.tiktok.com;report-uri /content/csp_report;frame-ancestors 'self'; 3 default-src https: 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data:; 3 default-src 'none'; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net; img-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com; report-uri /csp 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.newrelic.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com 'unsafe-inline' *.sessioncam.com 'unsafe-inline' *.adyen.com 'unsafe-inline' *.google.com 'unsafe-inline' *.gstatic.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval'; font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline' *.facebook.com 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.force.com nestle-forms.cs.blip.ai *.facebook.com data: *.adyen.com 'self' 'unsafe-inline'; img-src * 'unsafe-inline' data: widgets.magentocommerce.com *.sessioncam.com s.ytimg.com data: *.adyen.com *.google.com 'self' 'unsafe-inline'; script-src *.evgnet.com *.salesforce.com *.doubleclick.net *.facebook.net *.force.com *.salesforceliveagent.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleadservices.com s.ytimg.com www.youtube.com *.adyen.com *.google.com google.com *.gstatic.com *.newrelic.com 'unsafe-inline' 'unsafe-eval' *.nr-data.net 'unsafe-inline' 'unsafe-eval' *.sessioncam.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.force.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://stats.g.doubleclick.net *.google-analytics.com *.nr-data.net ws.sessioncam.com *.force.com ; child-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; 3 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com static.curations.bazaarvoice.com 'unsafe-inline' data: *.channelsight.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com *.facebook.com *.snapchat.com *.tiktok.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com s.amazon-adsystem.com *.facebook.com *.fls.doubleclick.net insight.adsrvr.org *.filestackapi.com *.addthis.com flexfaceoffsweeps.azurewebsites.net match.adsrvr.org viewinyourspace.com *.viewinyourspace.com playcanv.as *.snapchat.com *.clinch.co *.pinterest.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.bird.eu *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.bazaarvoice.com *.google.com *.taboola.com *.facebook.com *.facebook.net *.hubspot.com *.hsforms.com r.turn.com *.adnxs.com pixel.mediaiqdigital.com *.gravatar.com cscoreproweustor.blob.core.windows.net www.skil.com *.gstatic.com *.googleapis.com *.fls.doubleclick.net *.seeitinyourspace.com *.pinterest.com *.nextdoor.com *.reddit.com insight.adsrvr.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com *.filestackapi.com *.facebook.net *.crazyegg.com js.hs-scripts.com *.taboola.com js.adsrvr.org js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.googleapis.com geoip-js.com secure-ds.serving-sys.com *.adnxs.com bs.serving-sys.com *.addthis.com *.addthisedge.com z.moatads.com cscoreproweustor.blob.core.windows.net flexsweepstakes2022.azurewebsites.net js.monitor.azure.com edge.curalate.com ipinfo.io *.newrelic.com *.nr-data.net *.tiktok.com sc-static.net *.channelsight.com unpkg.com viewinyourspace.com *.viewinyourspace.com *.cookielaw.org *.addevent.com *.pinimg.com *.nextdoor.com *.crwdcntrl.com *.crwdcntrl.net mjca-yijws.global.ssl.fastly.net cdn.480app.com cdn.nmgassets.com *.clinch.co *.vimeo.com *.redditstatic.com *.snapchat.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com cscoreproweustor.blob.core.windows.net *.channelsight.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com api.bazaarvoice.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.bazaarvoice.com *.crazyegg.com forms.hubspot.com *.channelsight.com *.google-analytics.com stats.g.doubleclick.net *.taboola.com secure-ds.serving-sys.com viewinyourspace.com *.viewinyourspace.com chervon-website-api.herokuapp.com chervon-website-api-dev.herokuapp.com *.jotform.com dc.services.visualstudio.com *.addthis.com edge.curalate.com geoip-js.com *.hsforms.com *.nr-data.net *.facebook.com *.tiktok.com *.snapchat.com *.cookielaw.org *.rain-staging.com *.seeitinyourspace.com *.gstatic.com blob: *.googleapis.com *.pinterest.com cdn.nmgassets.com jdl.nmgplatform.com colrep.sitelabweb.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'none'; script-src 'self' https://*.typekit.net/ https://*.clarity.ms/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://*.gstatic.com/ https://seal.thawte.com/ https://secure.bluepay.com https://seal.digicert.com/ https://www.safewayxchange.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.clarity.ms/ https://stats.g.doubleclick.net; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://dev.virtualearth.net/ data: https://seal.digicert.com https://www.google.com; style-src 'self' 'unsafe-inline' https://*.typekit.net/ https://fonts.googleapis.com/ https://*.gstatic.com; font-src 'self' https://*.typekit.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com/; frame-src 'self' https://secure.bluepay.com https://www.safewayxchange.com/; object-src 'self'; media-src 'self' https://www.google-analytics.com/; manifest-src 'self'; frame-ancestors 'self'; report-uri https://08bfb48ddcee7d64057e88503ec1149f.report-uri.com/r/t/csp/reportOnly 3 default-src 'self' *.rackcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.mapbox.com *.fontawesome.com recruitingbypaycor.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.google-analytics.com blob:; style-src 'self' 'unsafe-inline' *.rackcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.mapbox.com *.fontawesome.com recruitingbypaycor.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.google-analytics.com; script-src 'self' 'unsafe-inline' *.rackcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.mapbox.com *.fontawesome.com recruitingbypaycor.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.google-analytics.com; img-src 'self' 'unsafe-inline' *.google-analytics.com cdn.jsdelivr.net blob: data:; worker-src blob:; 3 font-src fonts.gstatic.com *.fontawesome.com data: *.gstatic.com *.photoslurp.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.adyen.com *.facebook.com *.mediquo.com *.hotjar.com *.criteo.com *.google.com *.clic2buy.com *.youtube.com *.vimeo.com *.photoslurp.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com *.adyen.com data: eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com *.cloudfront.net *.amazonaws.com bat.bing.com *.facebook.com widget-mediator.zopim.com *.swogo.net *.criteo.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net i.ytimg.com *.photoslurp.com *.googleusercontent.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com cdn.doofinder.com polyfill.io *.naturitas.com naturitas.slgnt.eu static.zdassets.com bat.bing.com connect.facebook.net *.swogo.net *.hotjar.com *.mediquo.com static.criteo.net *.criteo.com *.typeform.com *.clic2buy.com *.newrelic.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.fontawesome.com *.googleapis.com *.photoslurp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.doofinder.com *.naturitas.com *.naturitas.es naturitas-atc.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com *.swogo.net *.googlesyndication.com *.hotjar.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.adyen.com *.photoslurp.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data:; img-src https: data:; connect-src https: wss: 'self'; worker-src https: blob: 'self'; 3 default-src 'self' *.qq.com *.google-analytics.com *.ytimg.com *.youtube.com *.googletagmanager.com *.baidu.com *.cookieinformation.com *.licdn.com *.facebook.net *.marketingautomation.com *.sleeknote.com *.sharpspring.com *.gstatic.com https: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/reportOnly 3 default-src 'self' *.optomaeurope.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.optomaeurope.com *.optoma.co code.jquery.com fast.fonts.net www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://unpkg.com *.unpkg.com secure.neck6bake.com https://youtube.com *.youtube.com youtube.com *.vimeo.com static.cloudflareinsights.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.storerocket.io api.mapbox.com *.jsdelivr.net cdn.polyfill.io https://cdnjs.cloudflare.com https://ldynamicspublicapi.leadforensics.com https://*.fontawesome.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' *.optomaeurope.com *.optoma.co https://tagmanager.google.com https://fonts.googleapis.com *.jsdelivr.net; img-src 'self' blob: data: *.optomaeurope.com *.optoma.co *.youtube.com *.ytimg.com *.vimeo.com www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.storerocket.io https://ssl.gstatic.com https://www.gstatic.com https://s3-us-west-2.amazonaws.com *.optoma.com; media-src 'self' *.optomaeurope.com; frame-src 'self' *.optomaeurope.com *.optoma.co *.youtube.com *.youtube-nocookie.com *.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://player.simplecast.com; font-src 'self' *.optomaeurope.com *.optoma.co http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com data: ; connect-src 'self' *.optomaeurope.com https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://ldynamicspublicapi.leadforensics.com *.storerocket.io https://storerocket.io storerocket.global.ssl.fastly.net *.mapbox.com https://stats.g.doubleclick.net https://*.fontawesome.com; report-uri https://c9f3e0efddb3b5a8f702c2632d2e3942.report-uri.com/r/d/csp/reportOnly 3 default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net https://rec.i-say.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net; frame-src 'self' blob: *.shopmetrics.com *.gigspot.com *.research-cloud.com *.velocity.online *.youtube.com *.youtu.be; base-uri 'self'; form-action 'self' *.shopmetrics.com *.gigspot.com *.velocity.online; img-src * data: about: blob: filesystem: ma-file:; object-src 'none'; font-src 'self' data: *.shopmetrics.com *.bootstrapcdn.com *.typekit.net *.gstatic.com *.jsdelivr.net *.pstatic.net *.github.com; report-uri https://training89.shopmetrics.com/CSPEndpoint.aspx; Report-To default; 3 style-src 'self' 'unsafe-inline' use.typekit.net optimize.google.com *.googleapis.com cdnjs.cloudflare.com tagmanager.google.com *.googletagmanager.com config1.veinteractive.com veinteractive.com cookiehub.net use.fontawesome.com; img-src 'self' *.google-analytics.com *.analytics.google.com *.facebook.com data: *.doubleclick.net *.gstatic.com *.tiktok.com *.google.com *.google.be *.google.nl *.google.pl *.google.de *.google.es *.google.fr *.googletagmanager.com *.paypal.com *.convious.lt *.convious-app.com *.amazonaws.com *.tradetracker.net *.mollie.com; font-src 'self' *.typekit.net fonts.gstatic.com use.fontawesome.com data: *.convious.lt; connect-src 'self' *.google-analytics.com *.analytics.google.com *.doubleclick.net *.tiktok.com *.convious.com *.convious-app.com *.sentry.io wss://*.convious-app.com *.facebook.com *.paypal.com *.cookiehub.net *.tradetracker.net *.plopsa.com *.google.com; report-uri /report-csp-violation 3 default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data: *.google-analytics.com;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 3 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 3 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 object-src 'none'; script-src 'self' cdn.jsdelivr.net widgets.custplace.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 3 default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.doubleclick.net dc.ads.linkedin.com analytics.twitter.com *.google-analytics.com t.co;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 3 default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: data:; report-uri https://18d36df5be4d2f0680090c55b489865d.report-uri.com/r/d/csp/reportOnly 3 default-src 'self'; script-src 'report-sample' 'self' https://cdn.jsdelivr.net/npm/vue@2.6.12 https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/519977589342315 https://extend.vimeocdn.com/ga/3682823.js https://fast.wistia.com/assets/external/channel.js https://fast.wistia.net/embed/channel/project/b4s3to0g9l.json https://grow.clearbitjs.com/api/pixel.js https://iptrack.io/api/v1/wiv.js https://pi.pardot.com/pd.js https://pi.pardot.com/analytics https://script.hotjar.com/modules.8b83be320cd47888a36c.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-1795125.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtm.js?id=GTM-5NMSN2S https://www.googletagmanager.com/gtag/js https://www3.objective.com/analytics; style-src 'report-sample' 'unsafe-inline' 'self' https://fast.fonts.net https://fast.wistia.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.ipify.org https://fast.wistia.net https://in.hotjar.com https://ipapi.co https://s3-ap-southeast-2.amazonaws.com https://stats.g.doubleclick.net https://ws39.hotjar.com https://www.google-analytics.com wss://ws39.hotjar.com; font-src 'self' data: https://fast.wistia.net https://fonts.gstatic.com; frame-src 'self' https://vars.hotjar.com https://www.facebook.com https://www3.objective.com; img-src 'self' data: https://dashboard.whoisvisiting.com https://fast.wistia.net https://grow.clearbitjs.com https://px.ads.linkedin.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.nz https://www.google.com https://www.google.com.au https://www.google.com.my https://www.objective.com.au; manifest-src 'self'; media-src 'self'; report-uri https://62fdb794dbe847495b81a02a.endpoint.csper.io/?v=11; worker-src 'none'; 3 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnlyi; connect-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat 3 upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.sentry.dev www.googletagmanager.com www.google-analytics.com www.googleadservices.com js.driftt.com connect.facebook.net assets.calendly.com player.vimeo.com www.redditstatic.com m.servedby-buysellads.com static.zdassets.com googleads.g.doubleclick.net bat.bing.com munchkin.marketo.net cdn.bizible.com cdn.amplitude.com; connect-src 'self' sentry.io *.sentry.io www.sentry.dev reload.getsentry.net api.amplitude.com api2.amplitude.com ekr.zdassets.com sentry.zendesk.com www.google-analytics.com stats.g.doubleclick.net 776-mjn-501.mktoresp.com; img-src 'self' data: www.sentry.dev sentry-blog.storage.googleapis.com images.ctfassets.net www.google-analytics.com stats.g.doubleclick.net assets.calendly.com q.quora.com alb.reddit.com www.facebook.com www.googletagmanager.com bat.bing.com www.google.com i.vimeocdn.com i.ytimg.com cdn.bizible.com cdn.bizibly.com; style-src 'self' 'unsafe-inline' www.sentry.dev assets.calendly.com fonts.googleapis.com; media-src 'self' videos.ctfassets.net; font-src 'self' www.sentry.dev fonts.gstatic.com; frame-src player.vimeo.com www.youtube-nocookie.com js.driftt.com calendly.com bid.g.doubleclick.net; manifest-src 'self' www.sentry.dev; report-uri https://o1.ingest.sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/android 2 frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report; report-to csp-endpoint 2 font-src use.typekit.net data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.braintreegateway.com tst.kaptcha.com www.google.com www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com *.paypal.com *.magento.com magento.com embedwistia-a.akamaihd.net fast.wistia.com embed-fastly.wistia.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com use.typekit.net *.paypal.com js-agent.newrelic.com s3.amazonaws.com fast.wistia.com bam.nr-data.net www.gstatic.com www.google.com *.d41.co so.rlcdn.com *.braintree-api.com *.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline use.typekit.net p.typekit.net www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com magento.com *.magento.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.adobe.com stats.g.doubleclick.net google.com *.paypal.com adobe.tt.omtrdc.net bam.nr-data.net *.wistia.com *.litix.io int-api.magedevteam.com api.magento.com *.d41.co *.braintreegateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'unsafe-inline' 'unsafe-eval' * data: blob: 2 frame-ancestors 'self'; report-uri https://www.news.com.au/csp-reports 2 default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.billboard.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/waze-wfe; 2 default-src 'self' data: blob: https://067-umd-991.mktoresp.com https://analytics.twitter.com https://bam.nr-data.net https://bi-beta.pst.tech https://bi.pst.tech https://blog.postman.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.polyfill.io https://dl.pstmn.io https://fast.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://geolocation.onetrust.com https://in.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://ms1frkqnsp7r.statuspage.io https://munchkin.marketo.net https://pages.getpostman.com https://privacyportal.onetrust.com https://public.slidesharecdn.com https://px.ads.linkedin.com https://script.hotjar.com https://skills-assets.pstmn.io https://www.slideshare.net https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://vars.hotjar.com https://www.youtube.com https://p.adsymptotic.com https://assets.getpostman.com https://www.linkedin.com https://pixel.mathtag.com https://js.driftt.com https://www.googleleadservices.com https://google.g.doubleclick.net https://web.postman.com https://manifest.webmanifest https://www.googleadservices.com https://googleads.g.doubleclick.net https://px4.ads.linkedin.com https://i.ytimg.com https://api.mapbox.com https://events.mapbox.com https://identity.getpostman-beta.com https://identity.getpostman.com https://www.youtube-nocookie.com https://run.pstmn.io https://t7vhfmsv15.execute-api.us-east-1.amazonaws.com https://player.twitch.tv https://conversation.api.drift.com https://st-ar.cdn.postman.com https://vc.hotjar.io https://ws9.hotjar.com wss://ws9.hotjar.com https://821881030.privacysandbox.googleadservices.com/ https://bifrost-https-v4.gw.postman.com https://voyager.postman.com https://res.cloudinary.com https://app.launchdarkly.com https://events.launchdarkly.com https://api.amplitude.com https://clientstream.launchdarkly.com wss://ws1.hotjar.com https://worldtimeapi.org https://www.postman.com https://static.cloudflareinsights.com https://api.channel99.com https://events.gw.postman.com https://lp.postman.com https://067-umd-991.mktoutil.com https://api.c99.ai 'unsafe-inline'; form-action 'self'; base-uri 'self'; block-all-mixed-content; report-uri https://sentry.postmanlabs.com/api/738/security/?sentry_key=9f4634749cc5431981a67baf042d0e9e; 2 default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-eval' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://shop.emerald.com/ https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 2 script-src 'self' cdn.jsdelivr.net https://cdn.knightlab.com https://dap.digitalgov.gov platform.twitter.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net https://cdn.knightlab.com https://stackpath.bootstrapcdn.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 2 frame-ancestors 'self'; report-uri https://www.theaustralian.com.au/csp-reports 2 frame-ancestors 'self' *.hudl.com *.youtube.com *.sendtonews.com *.cbssports.com *.247sports.com *.scout.com *.ampproject.org *.amp.cloudflare.com; default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https:; report-uri https://cbsi.report-uri.io/r/default/csp/reportOnly 2 media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2 default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc 2 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 block-all-mixed-content; frame-ancestors 'none'; report-uri /global-cgi-bin/csp-report 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_google 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.google.com *.googleapis.com *.youtube.com *.facebook.com connect.facebook.net *.addthis.com *.moatads.com *.addthisedge.com api.map.baidu.com cdn.jsdelivr.net cdnjs.cloudflare.com kxlogo.knet.cn *.doubleclick.net snap.licdn.com d.line-scdn.net *.hotjar.com *.go-mpulse.net *.gigabyte.com *.gigabyte.com.tw; style-src 'self' 'unsafe-inline' *.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com *.fontawesome.com *.gigabyte.com *.gigabyte.com.tw; img-src 'self' data: https: http://faq.gigabyte.com; font-src 'self' fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.gigabyte.com *.gigabyte.com.tw data:; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com http://www.youtube.com *.facebook.com *.doubleclick.net *.addthis.com *.hotjar.com *.gigabyte.com *.gigabyte.com.tw; 2 child-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://www.podbean.com https://embed.tawk.to https://cdn.jsdelivr.net https://connect.facebook.net https://script.hotjar.com https://snap.licdn.com https://bat.bing.com https://sc-static.net *.blackbaudhosting.com; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://www.podbean.com https://embed.tawk.to cdn.jsdelivr.net connect.facebook.net script.hotjar.com snap.licdn.com bat.bing.com sc-static.net *.snapchat.com *.hotjar.com https://*.kaltura.com *.blackbaudhosting.com *.blackbaud.com; object-src 'none'; script-src 'self' 'report-sample' 'sha256-kGiTBKKHWdmgeya48OmtE54PjZ3xGgrvLSJsDBB26hw=' https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.twitter.com https://static.ads-twitter.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://snap.licdn.com https://sc-static.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.theaccessplatform.com *.blackbaud.com *.blackbaudhosting.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; script-src-elem 'self' 'unsafe-inline' 'report-sample' https://cdn.cookielaw.org https://geolocation.onetrust.com https://search.sheffield.ac.uk 'sha256-kGiTBKKHWdmgeya48OmtE54PjZ3xGgrvLSJsDBB26hw=' https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.twitter.com https://static.ads-twitter.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://snap.licdn.com https://sc-static.net https://*.theaccessplatform.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'report-sample' https://*.theaccessplatform.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; base-uri 'self'; form-action 'self' https://search.sheffield.ac.uk https://tr.snapchat.com; frame-ancestors 'self' 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-hashes' www.youtube.com www.queryly.com ajax.googleapis.com www.googletagmanager.com cdn.parsely.com cdn.polyfill.io code.jquery.com uschamber-webassets.s3.amazonaws.com action.uschamber.com uschamber.tfaforms.net action.friendsoftheuschamber.com api.queryly.com cdn.flipboard.com cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net cookie-cdn.cookiepro.com googleads.g.doubleclick.net p2a.co secure.wufoo.com static.ads-twitter.com static.wufoo.com www.google-analytics.com www.google.com www.gstatic.com; script-src-elem api.queryly.com apis.google.com cdn.jsdelivr.net cdn.parsely.com connect.facebook.net cookie-cdn.cookiepro.com googleads.g.doubleclick.net secure.wufoo.com ssl.google-analytics.com static.ads-twitter.com tpc.googlesyndication.com www.google-analytics.com www.google.com www.googleadservices.com; style-src 'self' 'unsafe-inline' uschamber-webassets.s3.amazonaws.com uschamber.tfaforms.net cdn.jsdelivr.net code.jquery.com fonts.googleapis.com; style-src-elem 'self' cdn.jsdelivr.net code.jquery.com fonts.googleapis.com p.typekit.net www.queryly.com; img-src 'self' data: p1.parsely.com uschamber-webassets.s3.amazonaws.com adservice.google.com analytics.twitter.com cdn.datatables.net cdn.flipboard.com i.ytimg.com page.uschamber.com region1.google-analytics.com s3.us-east-1.amazonaws.com upload.wikimedia.org uschamber-co.imgix.net uschamber.com uschamber.imgix.net www.dropbox.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.linkedin.com www.queryly.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' ad.doubleclick.net cookie-cdn.cookiepro.com uschamber-webassets.s3.amazonaws.com www.facebook.com www.google-analytics.com www.google.com www.googletagmanager.com p1.parsely.com; media-src 'self' data:; object-src 'self'; frame-src app.sli.do livestream.com usr53.dayforcehcm.com uschamber.wufoo.com p2a.co pub.s1.exacttarget.com action.uschamber.com us63.dayforcehcm.com www.dayforcehcm.com www.facebook.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com youtube.com; worker-src blob:; form-action 'self' uschamber.tfaforms.net uschamber.wufoo.com; manifest-src 'self' data:; report-uri https://uschamber.report-uri.com/r/d/csp/wizard 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.addthis.com *.akamai.net *.convertexperiments.com *.flickr.com https://*.hotjar.com *.google.com *.sierraclub.org *.twitter.com cdn.ampproject.org cdn.hypemarks.com cdn.jsdelivr.net cdn.optimizely.com connect.facebook.net google-analytics.com google.com googletagmanager.com instagram.com js.maxmind.com maps.googleapis.com partner.googleadservices.com pixel.sitescout.com public.tableau.com reddit.com scribd.com snap.licdn.com unpkg.com v1.addthisedge.com widgets.pinterest.com z.moatads.com; object-src 'self'; style-src 'self' 'unsafe-inline' https: *.sierraclub.org cdn.honey.io cdn.jsdelivr.net cdn.knightlab.com cdnjs.cloudflare.com cloud.typography.com https://*.hotjar.com fonts.googleapis.com google.com pro.fontawesome.com; img-src * 'unsafe-inline' blob: data: https:; media-src 'self' data:; frame-src 'self' https: *.addthis.com *.doubleclick.net *.fls.doubleclick.net *.ggusd.us *.google.com https://*.hotjar.com *.optimizely.com *.s3.amazonaws.com *.sierraclub.org *.stpsb.org *.twitter.com block.opendns.com blocked.goguardian.com calendar.google.com cdn.bannersnack.com ckreport.lisd.net clubvolunteer.org facebook.com funnyordie.com gateway.zscalertwo.net global.acs.prismaaccess.com googletagmanager.com instagram.com m.facebook.com maphub.net meetup.com mozbar.moz.com player.vimeo.com public.tableau.com quorum.us rcm-na.amazon-adsystem.com s7.addthis.com spur.maps.arcgis.com static.contextall.com trustpoint-lax.northcentraltrust.com vpn.myips.org web.facebook.com youtube-nocookie.com youtube.com; frame-ancestors 'self' https: sierraclub.org; child-src 'self'; font-src 'self' data: https: *.sierraclub.org at.alicdn.com cdn.honey.io cdn.jsdelivr.net https://*.hotjar.com fonts.gstatic.com pro.fontawesome.com slant.co; connect-src 'self' https: *.addthis.com *.doubleclick.net *.google-analytics.com *.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.optimizely.com *.sierraclub.org cdn.linkedin.oribi.io csp.withgoogle.com facebook.com geoip-js.com google-analytics.com googletagmanager.com logx.optimizely.com m.addthis.com maps.googleapis.com s7.addthis.com secure.geonames.org stats.g.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 2 object-src 'none'; script-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com unpkg.com; script-src-attr 'self'; style-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 2 default-src 'self' https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self'; worker-src blob: 'unsafe-inline' 'unsafe-eval' https: http: 'self';connect-src * data: 'self';frame-src http://*.pitchbook.local http://*.wistia.com http://*.jobvite.com http://*.ceros.com http://www.facebook.com https: mailto: tel: ms-appx-web: blob: 'self'; img-src * data: blob: 'self' android-webview-video-poster:; media-src * blob: 'self'; style-src http://*.pitchbook.com http://*.googleapis.com http://*.webspellchecker.net http://*.dynamicyield.com https: 'unsafe-inline' 'self'; font-src http://*.dynamicyield.com http://*.webspellchecker.net http://fonts.gstatic.com https: data: blob: 'self' http://themes.googleusercontent.com chrome-extension: localhost:3000;report-uri /csp/submit 2 default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://zn4mbdaokn6kcahtg-cypress.siteintercept.qualtrics.com https://79423.analytics.edgekey.net https://cdnjs.cloudflare.com https://connect.facebook.net https://e.video-cdn.net https://img.en25.com https://oc-cdn-public-eur.azureedge.net https://rules.quantcount.com https://s1968580696.t.eloqua.com https://script.hotjar.com https://secure.quantserve.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://cdn.botframework.com https://fonts.googleapis.com https://oc-cdn-public-eur.azureedge.net; object-src 'self'; connect-src 'self' https://www.infineon.com https://softwaretools.infineon.com https://toolbox-cloud-staging.cloudapps.infineon.com https://stg-community.infineon.com https://community.infineon.com https://maps.googleapis.com https://siteintercept.qualtrics.com https://api.flockler.com https://asset-out-cdn.video-cdn.net https://c.video-cdn.net https://ca.video-cdn.net https://d.video-cdn.net https://in.hotjar.com https://infineon.product-discontinuation.com https://licensing.bitmovin.com https://ma307-r.analytics.edgekey.net https://oc-cdn-public-eur.azureedge.net https://stats.g.doubleclick.net https://vc.hotjar.io https://vod.video-cdn.net https://www.google-analytics.com; font-src 'self' data: https://e.video-cdn.net https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://www.infineon.com https://chatbot.infineon.com https://oc-cdn-public-eur.azureedge.net https://players.brightcove.net https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://www.promeas.com; img-src 'self' data: https://www.infineon.com https://www.infineon-brandportal.com https://pbs.twimg.com https://www.kununu.com https://www.glassdoor.com https://s722891043.t.eloqua.com https://siteintercept.qualtrics.com https://asset-out-cdn.video-cdn.net https://media-api.flockler.com https://media-exp1.licdn.com https://pixel.quantserve.com https://px.ads.linkedin.com https://s1968580696.t.eloqua.com https://www.bluewind.it https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com; manifest-src 'self'; media-src 'self' data:; base-uri 'self'; report-uri https://www.infineon.com/rest/csp/report; worker-src blob:; 2 default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' data: ; frame-ancestors 'self' ; report-uri /csp-violation-report-endpoint/ 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.6sense.com *.addthisedge.com *.omtrdc.net *.everesttech.net *.demdex.net *.adobedtm.com *.scene7.com *.akamaihd.net *.adnxs.com *.baidu.com *.prod.bidr.io *.btttag.com *.brightcove.com *.brightcove.net *.zencdn.net *.cloudflare.com *.contentsquare.net *.company-target.com *.demandbase.com *.doubleclick.net *.adsymptotic.com *.d41.co *.dynatrace.com *.facebook.com *.facebook.net *.fontawesome.com *.fullstory.com *.google.co.in *.google.co.jp *.google.co.uk *.google.com *.google.com.hk *.google.fr *.google.kr *.google.es *.google.de *.google.ru *.google.ie *.google.am *.google.com.co *.google.com.ph *.google.com.au *.google.hu *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hs.llnwd.net *.linkedin.com *.licdn.com *.i.lithium.com *.microsoftazuread-sso.com *.ni.com *.agkn.com *.newrelic.com *.nr-data.net *.moatads.com *.polyfill.io *.qualtrics.com *.quantcount.com *.quantserve.com *.rlcdn.com *.force.com *.salesforce.com *.salesforceliveagent.com *.pardot.com *.krxd.net *.rfihub.com *.serving-sys.com *.addthis.com *.adsrvr.org *.truste.com *.twitter.com *.ads-twitter.com t.co *.6sc.co *.rezync.com *.analytics.yahoo.com *.yimg.com unpkg.com *.psiexams.com *.systemlinkcloud.com *.systemlinkcloud.io mythinkscape.com *.mythinkscape.com *.multisim.com *.boltdns.net *.3playmedia.com *.paymetric.com *.captchas.net *.bing.com *.pagespeed-mod.com *.lithcloud.com *.jsdelivr.net *.cloudfront.net *.amazonaws.com *.day.com *.mathjax.org *.zoominsoftware.io *.bootstrapcdn.com *.nicdn.net *.leadsrx.com *.quizscape.com *.thoughtindustries.com *.wistia.com *.credly.com *.kbmax.com *.certain.com *.fonts.net *.typekit.net *.khoros.app.box.com *.limuirs-asset.lithium.com *.cookielaw.org *.windows.net data: blob; object-src 'none'; worker-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src https: 'unsafe-inline';connect-src https:;frame-src https:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data:;media-src https: blob:; report-uri /csp_rep 2 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.scene7.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com *.live.hdexternal.co.uk *.hdddirectsolutions.co.uk fonts.gstatic.com *.everesttech.net *.everestjs.net cdn.cookielaw.org cdn-apple.com; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly; 2 default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com bat.bing.com *.amazon-adsystem.com players.brightcove.net vjs.zencdn.net s.amazon-adsystem.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com tags.tiqcdn.com lptag.liveperson.net lpcdn.lpsnmedia.net cdn.optimizely.com accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.contentsquare.net bat.bing.com manifest.prod.boltdns.net *.brightcovecdn.com adservice.google.com *.api.brightcove.com brightcove.hs.llnwd.net www.facebook.com maps.googleapis.com www.google.com www.googletagmanager.com *.siteintercept.qualtrics.com ad.doubleclick.net http://127.0.0.1:5000 http://127.0.0.1:5000/* stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com analytics.google.com logx.optimizely.com www.google.co.uk hsbc.co.uk www.hsbc.co.uk *.demdex.net *.lo.cobrowse.liveperson.net *.tt.omtrdc.net *.sc.omtrdc.net; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net www.facebook.com connect.facebook.net www.youtube.com m.youtube.com *.demdex.net www.googletagmanager.com td.doubleclick.net *.ep-mimecast.facebook.com 8068700.fls.doubleclick.net; frame-ancestors 'self' www.hsbc.co.uk; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com *.cloudfront.net; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com *.askus.hsbc.co.uk www.googletagmanager.com *.lo.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; upgrade-insecure-requests ; report-uri /csp/report; manifest-src www.hsbc.co.uk; media-src lpcdn.lpsnmedia.net *.brightcovecdn.com manifest.prod.boltdns.net ssl.gstatic.com brightcove.hs.llnwd.net; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2 object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; frame-ancestors 'self' 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; frame-ancestors 'self'; report-uri https://leafgroup.report-uri.com/r/d/csp/wizard 2 default-src data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *.nesine.com wss://*.nesine.com *.google.com *.google.com.tr *.googletagmanager.com *.google-analytics.com *.support.google.com *.doubleclick.net *.googleadservices.com *.microsoft.com *.apple.com *.facebook.com *.facebook.net *.betsolutions.com *.yahoo.com *.criteo.net *.criteo-sync.teads.tv *.criteo.com *.ligatus.com *.newrelic.com *.twitter.com *.instagram.com *.youtube.com *.ytimg.com *.aboutcookies.org *.mobilproses.com *.omnitagjs.com *.outbrain.com *.nr-data.net *.bidswitch.net *.sportradar.com *.akamaized.net *.performfeeds.com *.betradar.com *.dge.imggaming.com tjktv.ercdn.net *.tjk.org *.broadage.com *.pubmatic.com *.mediavine.com *.demdex.net *.krxd.net *.thebrighttag.com *.tremorhub.com *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.emxdgt.com *.adform.net *.sync.com *.ivitrack.com *.yieldmo.com *.criteo.com *.yieldlab.net *.imgarena.com *.liderform.com.tr *.googleapis.com *.googlevideo.com *.gstatic.com *.azureedge.net *.semasio.net *.1rx.io *.adsrvr.org aa.agkn.com *.postrelease.com *.revcontent.com *.rqtrk.eu *.bing.com *.smaato.net *.narrative.io *.socdm.com *.mediawallahscript.com *.liadm.com *.stickyadstv.com *.linkedin.com *.rlcdn.com *.dable.io *.adingo.jp *.twiago.com *.bluekai.com *.crwdcntrl.net *.hs.llnwd.net *.ucweb.com; img-src * data:; report-uri /csp/cspreport/ 2 default-src 'self';connect-src 'self' https://analytics.majestic.com https://analytics.majesticseo.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.majesticseo.com https://analytics.majestic.com https://info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report 2 default-src 'self'; script-src 'self' 'sha256-6vmNTbfgubexXPiaZdcqfKCk+vKBe9cfsKsAciXQtMg=' 'sha256-r1aYSsDn5Btub+zo7XZr6P3ZhmNyYTvHf/yjmzIpxT8=' 'sha256-aqdvQaQU9tkorRhtgHldablGaB5SI/SwbLemAOKE7Yo=' 'sha256-Vxv+qm8gMYYzbp7hSMakF5Q81e7GDj/Z5HZYT4ekhho=' 'sha256-uBpmtDakUPHISUCFtaVC869LxTI53EPQREvqhqlxGVU=' 'sha256-h8bC9y2R69GO3nntfTAfOohrJdzeOS7slDdbOSULEJo=' 'sha256-isqZ0Q9pUWxBIyLN3u9Y3hy3MuWSJMoiNKT/nB5AbP8=' https://*.google-analytics.com/analytics.js https://cdncache-a.akamaihd.net/sub/b156ae9/98002/l.js https://www.youtube.com https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://*.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www2.osfound.org/shorten https://connect.facebook.net; style-src 'unsafe-inline' 'self'; object-src 'self' https://video.ted.com; base-uri 'self'; connect-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://*.ingest.sentry.io https://cdn.plyr.io; font-src 'self' https: data:; frame-src 'self' https://www.youtube.com https://w.soundcloud.com https://www.facebook.com https://player.vimeo.com; img-src 'self' https://i.ytimg.com https://opensocietyfoundations.imgix.net https://*.google-analytics.com https: data:; manifest-src 'self'; media-src 'self'; report-uri https://opensociety.report-uri.com/r/d/csp/reportOnly; worker-src 'none'; 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src * ldb1: data:; media-src * data: about:; frame-ancestors 'self' *.aleks.com *.connectmath.com *.mhcampus.com; report-uri /aleks/csp_report?stamp=web2020111702&uri=%2F&referer= 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.salliemae.com mid.rkdms.com *.force.com bat.bing.com *.doubleclick.net www.googletagmanager.com trk.clinch.co *.demdex.net *.lijit.com *.facebook.com adservice.google.com cdn.boomtrain.com *.salesforceliveagent.com *.rfihub.com *.qualtrics.com action.dstillery.com beacon.krxd.net www.google.com *.everesttech.net *.adsrvr.org tags.tiqcdn.com *.facebook.net c1.sfdcstatic.com privacyportal.onetrust.com *.agkn.com pixel.quantserve.com live.rezync.com t.myvisualiq.net pixel.mediaiqdigital.com rules.quantcount.com cdn.cookielaw.org fonts.gstatic.com ad.ipredictive.com secure.quantserve.com events.api.boomtrain.com action.media6degrees.com play.vidyard.com cdn.clinch.co people.api.boomtrain.com secure.adnxs.com *.omtrdc.net geolocation.onetrust.com; form-action *.facebook.com *.salliemae.com *.facebook.net *.qualtrics.com; frame-ancestors 'self' ; report-uri /csp_report 2 block-all-mixed-content; default-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; frame-src 'self' https://www.youtube.com; img-src 'self' https://translate.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://i.ytimg.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com data:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com maps.google.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; report-uri https://ae2fed611bf04be7d3efc10226296849.report-uri.com/r/d/csp/reportOnly 2 block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 2 default-src 'self' 'unsafe-inline' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.usni.org *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.authorize.net *.facebook.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' *.usni.org *.googlesyndication.com *.google.com disqus.com *.disqus.com *.googletagmanager.com *.addtoany.com *.scribd.com *.facebook.com *.g.doubleclick.net ; form-action 'self' *.usni.org *.facebook.com *.salesforce.com ; frame-src 'self' *.scribd.com ; frame-ancestors 'self' *.scribd.com ; upgrade-insecure-requests; 2 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.assetsadobe2.com *.dyson.com.sg *.dyson.in *.analytics.yahoo.com *.google.co.in *.outbrain.com *.s3.amazonaws.com *.quantserve.com *.usehero.com s3.amazonaws.com *.adobe.com *.dyson.co.kr *.boldchat.com 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.decibelinsight.net *.queue-it.net *.googletagmanager.com *.go-mpulse.net *.quantserve.com *.outbrain.com *.s3.amazonaws.com *.usehero.com *.quantcount.com *.boldchat.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.omtrdc.net *.go-mpulse.net *.google.com *.doubleclick.net *.usehero.com *.decibelinsight.net *.akstat.io *.akamaihd.net *.boldchat.com wss://collection.decibelinsight.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.etracker.com/ https://*.etracker.de/ https://*.signalize.com/; img-src 'self' data: s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com i.ytimg.com; frame-src 'self' www.youtube.com; child-src 'self' www.youtube.com; 2 : default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2 default-src https: 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self' https://csi.gstatic.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://capture.trackjs.com https://www.google.com https://*.hotjar.com:* wss://*.hotjar.com https://bam.nr-data.net 'report-sample' https://static.zdassets.com https://ekr.zdassets.com https://internations.zendesk.com https://*.zopim.com wss://internations.zendesk.com wss://*.zopim.com; font-src 'self' https://assets.in-cdn.net/ https://fonts.gstatic.com https://static.hotjar.com https://*.zuora.com 'report-sample'; frame-src https: appsflyerevent: fbrpc: 'report-sample'; img-src https: blob: data: https://v2assets.zopim.io https://static.zdassets.com; manifest-src 'self' 'report-sample'; media-src 'none'; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://*.zuora.com 'report-sample' https://static.zdassets.com https://ekr.zdassets.com https://internations.zendesk.com https://*.zopim.com wss://internations.zendesk.com wss://*.zopim.com; style-src 'unsafe-inline' https://assets.in-cdn.net/ https://fonts.googleapis.com https://www.gstatic.com https://eu.gcsip.nl 'report-sample'; report-uri https://internations.report-uri.com/r/t/csp/reportOnly 2 default-src 'self' data: blob: *.ulikecam.com *.snssdk.com;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com;script-src-elem data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.bootcss.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com;frame-ancestors *.ulikecam.com;frame-src bytedance:;media-src *.bytecdn.cn *.365yg.com *.ixigua.com *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytescm.com;style-src 'unsafe-inline' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn;connect-src *.snssdk.com *.bytedance.net *.ulikecam.com *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytedance.com safe.usergrowth.com.cn *.zijieapi.com;img-src *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.qq.com *.bytecdn.cn data: *.byteimg.com *.bytedance.net *.ulikecam.com *.gstatic.com android-webview-video-poster *.bytednsdoc.com *.bytescm.com *byteacctimg.com *.bytecdn.com;font-src data: *.byted.org *.alicdn.com *.gstatic.com;report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=ulike_activity 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: nj.gov *.twitter.com *.googleapis.com adservice.google.com s.yimg.com *.adsrvr.org buttons-config.sharethis.com clients1.google.com maxcdn.bootstrapcdn.com 77497.global.siteimproveanalytics.io code.jquery.com cdnjs.cloudflare.com dialogflow.cloud.google.com *.cloudfront.net 1468.global.siteimproveanalytics.io use.fontawesome.com www.credit-card-logos.com ka-f.fontawesome.com public.govdelivery.com *.nj.gov *.state.nj.us translate.google.com www.gstatic.com www.google.com *.facebook.com kit.fontawesome.com www.youtube.com p.typekit.net www.google-analytics.com platform-api.sharethis.com www.njsp.org imgssl.constantcontact.com sp.analytics.yahoo.com *.custhelp.com *.ads-twitter.com stackpath.bootstrapcdn.com use.typekit.net cse.google.com njdoc.gov cognito-identity.us-east-1.amazonaws.com *.doubleclick.net www.njaqinow.net sdk.amazonaws.com malsup.github.io *.tiktok.com www.rnengage.com cdn.datatables.net static.dialogflow.com l.sharethis.com *.facebook.net www.googletagmanager.com server.arcgisonline.com *.addthis.com content.govdelivery.com siteimproveanalytics.com t.co fonts.google.com oss.maxcdn.com *.arcgis.com at.alicdn.com fonts.gstatic.com; form-action *.nj.gov *.state.nj.us www.google.com nj.gov; frame-ancestors 'self' ; report-uri /csp_report 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2 default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 2 object-src players.brightcove.net www.realpage.com s.realpage.com vjs.zencdn.net;img-src * blob: data: ; font-src acsbapp.com www.realpage.com s.realpage.com use.typekit.net fonts.gstatic.com vjs.zencdn.net maxcdn.bootstrapcdn.com www.slant.co data:; style-src *.typekit.net *.realpage.com fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com www.on-site.com; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 2 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.gstatic.com https://cdn.jsdelivr.net https://*.googlesyndication.com https://*.ingenuity.com https://ssl.google-analytics.com https://*.youtube.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js https://app.cdn.lookbookhq.com/libraries/overlay/overlay.js https://*.adroll.com https://assets.adobedtm.com https://qiagen.my.salesforce.com/embeddedservice/5.0/utils/common.min.js https://*.nr-data.net https://cdn-app.pathfactory.com https://cdnjs.cloudflare.com/ajax/libs/arrive/2.4.1/arrive.min.js https://code.jquery.com https://*.facebook.net https://*.facebook.com https://consent.cookiebot.com/ https://qiagen.my.salesforce.com/embeddedservice/5.0/client/invite.esw.min.js https://consentcdn.cookiebot.com https://*.salesforceliveagent.com/ https://img.en25.com/i/elqCfg.min.js https://js-agent.newrelic.com/nr-spa-1216.min.js https://maps.googleapis.com/ https://*.salesforce.com https://qiagen.my.salesforce.com https://*.eloqua.com https://script.hotjar.com/ https://static.hotjar.com https://static.ads-twitter.com/uwt.js https://www.google-analytics.com/analytics.js https://*.google.com https://*.googletagmanager.com; style-src 'report-sample' 'self' 'unsafe-inline' https://isec-widgets.ingenuity.com https://app.cdn.lookbookhq.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://qiagen.my.salesforce.com https://www.google.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: https://vc.hotjar.io https://stats.g.doubleclick.net *.hotjar.com https://bam.eu01.nr-data.net wss://ws4.hotjar.com/api/v2/client/ws https://consentcdn.cookiebot.com https://d.adroll.com https://*.algolia.net https://in.hotjar.com https://jukebox.pathfactory.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://*.analytics.google.com https://*.facebook.com https://spcollector.pathfactory.com; font-src 'self' data: https://cdn.pathfactory.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://script.hotjar.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://brainstormforce.github.io *.cookiebot.com https://*.youtube.com https://qiagenbioinformatics.23video.com https://tv.qiagenbioinformatics.com https://consentcdn.cookiebot.com https://qiagen.my.salesforce.com https://vars.hotjar.com https://www.facebook.com; img-src 'self' data: https://cdn.pathfactory.com https://ssl.google-analytics.com https://analytics.twitter.com https://*.google.com https://*.google.co.uk https://d.adroll.com https://s.adroll.com https://*.eloqua.com https://secure.gravatar.com https://*.eloqua.com https://t.co https://www.facebook.com https://*.bidswitch.net *.g.doubleclick.net *.rubiconproject.com *.casalmedia.com *.openx.net *.pubmatic.com *.outbrain.com ups.analytics.yahoo.com *.caselemedia.com *.taboola.com *.3lift.com *.adnxs.com https://www.google-analytics.com; manifest-sr 'self'; media-src 'self'; report-uri https://*.endpoint.csper.io; worker-src 'self' ; 2 default-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' https: wss: moz-extension: chrome-extension: http://fonts.googleapis.com/ http://whova.com http://*.twimg.com; report-uri https://whova.com/_csp 2 report-uri https://report-uri.cmcmarkets.com/csp; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://oaf.cmcmarkets.com https://p.teads.tv https://assets.cmcmarkets.com https://cdn-ukwest.onetrust.com https://cdn.amplitude.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net https://*.go-mpulse.net https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://utt.impactcdn.com https://widget.trustpilot.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com/gtm.js https://www.redditstatic.com/ads/pixel.js https://www.youtube.com/player_api https://fast.wistia.com https://eficlient.heckyl.com https://z.moatads.com https://www.youtube.com https://s.go-mpulse.net https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://unpkg.com https://utt.impactcdn.com https://www.redditstatic.com https://script.hotjar.com https://static.hotjar.com https://s.go-mpulse.net https://cdn-ukwest.onetrust.com https://widget.trustpilot.com https://www.google.com http://assets.cmcmarkets.com https://cdn.amplitude.com https://cdn.optimizely.com https://chat.cmcmarkets.com https://jssdkcdns.mparticle.com https://platform.twitter.com https://www.linkedin.com https://www.google-analytics.com https://cdn.appdynamics.com https://connect.facebook.net https://www.googletagmanager.com https://ds-aksb-a.akamaihd.net http://bat.bing.com http://static.ads-twitter.com http://uat-assets.cmcmarkets.com http://www.googleadservices.com https://analytics.twitter.com https://assets.cmcmarkets.com https://bat.bing.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://sjs.bizographics.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.linkedin.oribi.io https://rs.fullstory.com https://api.amplitude.com https://assets.cmcmarkets.com https://cdn-ukwest.onetrust.com https://col.eum-appdynamics.com https://geolocation.onetrust.com https://identity.mparticle.com https://in.hotjar.com https://jssdkcdns.mparticle.com https://jssdks.mparticle.com https://oaf.cmcmarkets.com https://privacyportal-uk.onetrust.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://www.google-analytics.com wss://*.hotjar.com https://*.addthis.com https://m.addthis.com https://api-public.addthis.com https://connect.facebook.net https://px.ads.linkedin.com https://analytics.twitter.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.linkedin.com https://logx.optimizely.com https://www.google-analytics.com https://*.akstat.io https://c.go-mpulse.net https://*.techlab-cdn.com https://privacyportal-uk.onetrust.com https://*.google-analytics.com https://*.braze.eu https://stats.g.doubleclick.net https://in.hotjar.com https://*.googletagmanager.com; font-src 'self' data: https://assets.cmcmarkets.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://lpcdn.lpsnmedia.net https://www.facebook.com https://oaf.cmcmarkets.com https://*.doubleclick.net https://signup.cmcmarkets.com https://vars.hotjar.com https://widget.trustpilot.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://*.addthis.com https://eficlient.heckyl.com; img-src 'self' data: https://px.ads.linkedin.com https://www.linkedin.com https://col.eum-appdynamics.com https://alb.reddit.com https://analytics.twitter.com https://assets.cmcmarkets.com https://cdn-ukwest.onetrust.com https://chat.cmcmarkets.com https://googleads.g.doubleclick.net https://i.ytimg.com https://px.ads.linkedin.com https://t.co https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://*.ytimg.com https://*.cmcmarkets.com http://bat.bing.com http://t.co https://www.facebook.com https://ds-aksb-a.akamaihd.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://analytics.twitter.com https://cdn-ukwest.onetrust.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com; manifest-src 'self'; media-src 'self' https://assets.cmcmarkets.com https://chat.cmcmarkets.com https://*.akstat.io https://c.go-mpulse.net https://in.hotjar.com https://*.google-analytics.com https://*.hotjar.com https://*.algolia.net https://*.algolianet.com wss://*.hotjar.com https://api-public.addthis.com https://m.addthis.com; worker-src 'none'; style-src 'self' 'unsafe-inline' https://assets.cmcmarkets.com http://assets.cmcmarkets.com https://chat.cmcmarkets.com https://use.fontawesome.com; 2 script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 2 worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://pmc.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; worker-src 'self'; child-src 'none'; frame-src 'none'; frame-ancestors 'none'; 2 default-src 'self' https://exercism.org https://api.exercism.org https://d24y9kuxp2d7l2.cloudfront.net; connect-src 'self' ws://exercism.org https://cdn.jsdelivr.net; img-src 'self' data: https://*; media-src *; script-src 'self' https://exercism.org https://api.exercism.org https://d24y9kuxp2d7l2.cloudfront.net https://js.stripe.com https://cdn.jsdelivr.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src https://js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; style-src 'self' https://exercism.org https://api.exercism.org https://d24y9kuxp2d7l2.cloudfront.net 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; child-src 'none' 2 default-src 'self' *.meo.pt *.altice-empresas.pt; script-src 'self' *.meo.pt *.altice-empresas.pt *.googletagmanager.com *.google-analytics.com analytics.google.com quantcast.mgr.consensu.org *.quantcast.mgr.consensu.org *.byside.com secure.quantserve.com cdnjs.cloudflare.com *.googleoptimize.com *.hotjar.com *.googleadservices.com googleads.g.doubleclick.net rules.quantcount.com connect.facebook.net *.heatmap.it analytics.tiktok.com tags.bkrtx.com img.botschool.ai gateway.zscaler.net *.gstatic.com selo.confio.pt maps.googleapis.com *.inside-graph.com *.google.com *.quantcast.com *.cdp.meo.velocidi.io 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.meo.pt *.altice-empresas.pt img.botschool.ai *.googleapis.com gateway.zscaler.net selo.confio.pt webcare.byside.com 'unsafe-inline' eu-cdn.inside-graph.com use.fontawesome.com; img-src 'self' *.meo.pt *.altice-empresas.pt *.google-analytics.com analytics.google.com quantcast.mgr.consensu.org *.quantcast.mgr.consensu.org *.byside.com *.google.com *.google.pt picsum.photos *.picsum.photos *.facebook.com *.heatmap.it *.quantserve.com sync.1rx.io sync.targeting.unrulymedia.com *.googletagmanager.com img.botschool.ai gateway.zscaler.net pbs.twimg.com *.google.es thumbs.web.sapo.io *.googlesyndication.com googleads.g.doubleclick.net pixel.rubiconproject.com selo.confio.pt *.insided.com sync.teads.tv match.sharethrough.com *.googleapis.com maps.gstatic.com *.inside-graph.com *.qccerttest.com data:; font-src 'self' *.meo.pt *.altice-empresas.pt *.fontawesome.com fonts.gstatic.com gateway.zscaler.net data:; connect-src 'self' *.meo.pt *.altice-empresas.pt *.google.com *.googletagmanager.com *.google-analytics.com analytics.google.com quantcast.mgr.consensu.org *.quantcast.mgr.consensu.org *.byside.com *.doubleclick.net wss://*.byside.com analytics.tiktok.com api.botschool.ai wss://*.botschool.ai gateway.zscaler.net *.google.pt wss://*.inside-graph.com *.inside-graph.com *.sapo.pt *.hotjar.com *.hotjar.io *.analytics.google.com *.google-analytics.com *.googlesyndication.com signet-spot.telecom.pt *.googleapis.com wss://*.hotjar.com *.quantcast.com *.facebook.com; prefetch-src 'self' *.meo.pt *.altice-empresas.pt gateway.zscaler.net; form-action 'self' *.meo.pt *.altice-empresas.pt *.facebook.com gateway.zscaler.net *.byside.com; base-uri 'self'; upgrade-insecure-requests ; frame-src 'self' *.meo.pt *.altice-empresas.pt *.hotjar.com *.facebook.com *.bluekai.com *.doubleclick.net gateway.zscaler.net *.googletagmanager.com *.google.com *.inside-graph.com signet-spot.telecom.pt meoteste.speedtestcustom.com *.youtube.com *.byside.com *.cdp.meo.velocidi.io; frame-ancestors 'self' *.meo.pt *.altice-empresas.pt gateway.zscaler.net 2 report-uri /cspreport; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adobedtm.com https://bat.bing.com https://*.cookielaw.org https://karwei.bbvms.com https://*.bazaarvoice.com https://*.clarity.ms https://cloudstatic.obi4wan.com https://connect.getflowbox.com https://*.facebook.net www.google.com https://www.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.mopinion.com https://*.pinimg.com https://tdn.r42tag.com https://*.relay42.com https://app.aiden.cx; object-src 'self' 2 script-src 'self' 'unsafe-eval' chrome-extension: https://app.uiscom.ru https://dsp.setl.ru https://smartcallback.ru 'unsafe-inline' 'unsafe-inline' https://image.sendsay.ru https://abt.s3.yandex.net https://mc.yandex.ru https://www.google-analytics.com https://top-fwz1.mail.ru https://vk.com https://api-maps.yandex.ru https://mc.yandex.com https://www.google.com https://yatr.ru https://www.gstatic.com https://iclicks.io https://www.googletagmanager.com https://ad.adriver.ru https://tags.soloway.ru https://content.adriver.ru https://mc.yandex.by https://server.comagic.ru 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://www.google.com chrome-extension: https://spbrealty.ru https://iclicks.io https://content.adriver.ru https://yatr.ru https://server.comagic.ru https://mc.yandex.ru https://metrika.yandex.ru https://acestream.me https://mc.yandex.com https://gateway.zscalertwo.net https://creativecdn.com https://gum.criteo.com https://dl.metabar.ru; object-src 'self'; report-uri /cspreportonly; 2 default-src 'self' *.my127.site blob: *.webpipeline.net *.my127.site *.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net *.typekit.net *.nr-data.net *.buyatab.com *.aman.com *.quantummetric.com 'unsafe-inline' 'unsafe-eval'; worker-src blob:; child-src blob:;; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.webpipeline.net *.brightcove.net *.googletagmanager.com *.newrelic.com *.nr-data.net *.typekit.net *.buyatab.com *.aman.com *.ipstack.com *.quantummetric.com *.doubleclick.net *.googleadservices.com impactradius-event.com utt.impactcdn.com *.cinnox.com *.gstatic.com *.onetrust.com *.synxis.com *.recaptcha.net *.google.com logs-01.loggly.com ojrq.net *.zencdn.net *.thehotelsnetwork.com *.google-analytics.com; style-src 'self' 'unsafe-inline' cloud.typography.com *.webpipeline.net *.buyatab.com *.aman.com *.cinnox.com *.googleapis.com *.bootstrapcdn.com *.synxis.com; img-src 'self' *.my127.site data: *.webpipeline.net *.brightcove.net *.brightcove.com *.googletagmanager.com *.buyatab.com *.aman.com *.cinnox.com *.boltdns.net *.google-analytics.com *.onetrust.com; media-src 'self' blob: *.buyatab.com *.aman.com *.akamaihd.net *.boltdns.net; frame-src *; frame-ancestors 'self'; font-src 'self' *.my127.site data: *.webpipeline.net *.typekit.net *.aman.com *.gstatic.com *.cinnox.com; connect-src 'self' *.my127.site *.aman.com *.boltdns.net *.thehotelsnetwork.com *.quantummetric.com *.akamaihd.net *.doubleclick.net *.google-analytics.com *.nr-data.net ws: 'unsafe-eval' *.googleapis.com *.onetrust.com *.synxis.com *.cinnox.com impactradius-event.com utt.impactcdn.com *.brightcove.com ojrq.net logs-01.loggly.com amanresorts.pxf.io; report-uri https://aman.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 2 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googleoptimize.com https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 2 default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 2 frame-ancestors 'self' https://www.konicaminolta.us;block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://translate.google.com https://translate.googleapis.com https://use.typekit.net https://*.googletagmanager.com https://*.google-analytics.com https://gateway.zscloud.net https://e7q9u6c7.stackpathcdn.com https://connect.facebook.net https://secure.gravatar.com https://cdnjs.cloudflare.com https://script.crazyegg.com;style-src 'self' 'report-sample' 'unsafe-inline' translate.googleapis.com *.typekit.net pwm-image.trendmicro.com gateway.zscloud.net e7q9u6c7.stackpathcdn.com secure.gravatar.com fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com;object-src 'none';frame-src 'self' pwm-image.trendmicro.com connect.facebook.net *.facebook.com www.googletagmanager.com;child-src 'self' blob: connect.facebook.net *.facebook.com www.googletagmanager.com;img-src 'self' www.gstatic.com translate.googleapis.com translate.google.com *.typekit.net *.facebook.com *.gstatic.com https://*.zscloud.net *.konicaminolta.us *.stackpathcdn.com;font-src 'self' data: *.avast.com use.typekit.net at.alicdn.com gateway.zscloud.net e7q9u6c7.stackpathcdn.com fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.fontawesome.com;connect-src 'self' www.gstatic.com translate.google.com translate.googleapis.com performance.typekit.net use.typekit.net e7q9u6c7.stackpathcdn.com kmbs.konicaminolta.us connect.facebook.net *.facebook.com *.gravatar.com fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com *.crazyegg.com about: stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com;manifest-src 'self';base-uri 'self';form-action 'self' connect.facebook.net *.facebook.com;media-src 'self' data: *.w.org;prefetch-src 'self';worker-src 'self' blob:;report-uri https://gate.rapidsec.net/g/r/csp/3bc35b59-d482-4ea8-b706-d773c5ea44c1/0/6/-1?sdkv=1.3.4_agent-wordpress&sct=3b9e9f44-bbbd-4c70-932c-b62796e0a6be&dpos=report; 2 frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.getsmartcontent.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://munchkin.marketo.net https://s.getsmartcontent.com https://s.swiftypecdn.com https://snap.licdn.com https://snippet.ramblechat.com https://tracker.mrpfd.com https://vidassets.terminus.services https://opench.bamboohr.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com 2 default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-XKF+2xYdf864jiirolkfAA=='; style-src 'self' www.gstatic.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://csp-reporter.publishing.service.gov.uk/report 2 font-src 'self' unsafe-inline; frame-src 'self' unsafe-inline; style-src unsafe-inline report-sample 'self'; script-src report-sample 'self' unsafe-inline; 2 default-src 'self' *.fontawesome.com *.visualstudio.com cdn.cookielaw.org *.azure.com *.krxd.net *.facebook.com *.googletagmanager.com *.linkedin.oribi.io *.google.com *.doubleclick.net *.liveperson.net *.google-analytics.com fintactix.com *.adsrvr.org *.lpsnmedia.net *.elfsight.com;script-src 'self' 'unsafe-inline' unpkg.com code.jquery.com stackpath.bootstrapcdn.com customer.cludo.com cdnjs.cloudflare.com *.fontawesome.com *.googletagmanager.com *.licdn.com *.convergetrack.com js.monitor.azure.com *.adroll.com *.facebook.net *.google-analytics.com *.doubleclick.net *.lpsnmedia.net *.liveperson.net *.adsrvr.org *.google.com *.elfsight.com cdn.cookielaw.org;style-src 'self' 'unsafe-inline' customer.cludo.com fonts.googleapis.com;img-src 'self' data: *.adsrvr.org *.convergetrack.com *.demdex.net *.google.com *.lpsnmedia.net *.linkedin.com *.facebook.com *.krxd.com *.krxd.net *.adroll.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.elfsight.com;font-src 'self' fonts.gstatic.com *.fontawesome.com 2 frame-ancestors 'self'; report-uri https://www.bodyandsoul.com.au/csp-reports 2 frame-ancestors https://*.naumen.ru http://webvisor.com http://*.webvisor.com https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; upgrade-insecure-requests; report-uri /csp-report-avolhin-req138141.php 2 default-src 'self' 'unsafe-inline' https://nexon.com.au https://*.nexon.com.au; script-src 'self' 'unsafe-inline' https://www.youtube.com https://googleads.g.doubleclick.net/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://munchkin.marketo.net https://www.gstatic.com https://www.google-analytics.com https://go.nexon.com.au https://*.googletagmanager.com https://*.cloudflare.com https://go.nexon.com.au:* https://go.nexon.com.au/ https://code.jquery.com https://connect.facebook.net https://stackpath.bootstrapcdn.com https://snap.licdn.com; script-src-elem 'self' 'unsafe-inline' https://googleads.g.doubleclick.net/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://munchkin.marketo.net https://www.gstatic.com https://www.google-analytics.com https://go.nexon.com.au https://*.googletagmanager.com https://*.cloudflare.com https://go.nexon.com.au:* https://go.nexon.com.au/ https://code.jquery.com https://connect.facebook.net https://stackpath.bootstrapcdn.com https://snap.licdn.com; script-src-attr 'self' 'unsafe-inline' https://googleads.g.doubleclick.net/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://munchkin.marketo.net https://www.gstatic.com https://www.google-analytics.com https://go.nexon.com.au https://*.googletagmanager.com https://*.cloudflare.com https://go.nexon.com.au:* https://go.nexon.com.au/ https://code.jquery.com https://connect.facebook.net https://stackpath.bootstrapcdn.com https://snap.licdn.com; style-src * 'self' 'unsafe-inline'; style-src-elem * 'self' 'unsafe-inline'; style-src-attr * 'self' 'unsafe-inline'; img-src 'self' https://*.nexon.com.au https://www.facebook.com https://go.nexon.com.au https://px.ads.linkedin.com; font-src * 'self' data:; connect-src 'self' https://www.youtube.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://837-cjs-664.mktoresp.com; media-src 'self' youtube.com wistia.com; child-src 'self' https://youtube.com https://www.youtube.com; frame-src 'self' https://marketo.com:* https://*.nexon.com.au; form-action 'self' https://go.nexon.com.au https://munchkin.marketo.net 2 report-uri default-src 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.google.com *.gstatic.com *.googletagmanager.com 2 default-src * data:; script-src * 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr *; style-src * 'unsafe-inline' blob:; style-src-elem * 'unsafe-inline'; style-src-attr * 'unsafe-inline'; img-src * 'self' data: blob:; font-src * 'self' data: blob:; connect-src * 'self' blob:; media-src * 'self' blob:; object-src * 'self' 'unsafe-inline' blob:; prefetch-src * 'self' blob:; child-src * 'self' blob:; frame-src * 'self' blob:; worker-src * 'self' blob:; frame-ancestors * 'self' blob:; form-action *; upgrade-insecure-requests; base-uri * 'self'; manifest-src * blob: sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts allow-top-navigation allow-top-navigation-to-custom-protocols; 2 base-uri 'self'; frame-src 'self' cookiejar.mondly.com www.facebook.com optimize.google.com bid.g.doubleclick.net secure.livechatinc.com www.googletagmanager.com 7f075c3104c14b369e4245a534bf1142.pages.ubembed.com secure.2checkout.com; frame-ancestors 'self' *.mondly.com; font-src 'self' data: d37sy4vufic209.cloudfront.net fonts.gstatic.com; img-src 'self' data: https://*; media-src 'self' d37sy4vufic209.cloudfront.net mondly-languages-audio.azureedge.net; style-src 'self' 'unsafe-inline' d37sy4vufic209.cloudfront.net optimize.google.com fonts.googleapis.com tagmanager.google.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' d37sy4vufic209.cloudfront.net www.google.com connect.facebook.net cdn.livechatinc.com api.livechatinc.com optimize.google.com tagmanager.google.com secure.livechatinc.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net 7f075c3104c14b369e4245a534bf1142.js.ubembed.com analytics.tiktok.com assets.ubembed.com cdn.cookielaw.org www.googleoptimize.com static.ads-twitter.com www.clarity.ms 2 default-src 'unsafe-inline' 'unsafe-eval' https: blob: data:; object-src 'self'; base-uri 'self'; form-action 'self' https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com; 2 default-src 'self';img-src * blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com code.jquery.com js.hsforms.net www.googletagmanager.com *.wp.com www.mysanfordchart.org *.addthis.com *.adroll.com *.adsrvr.org *.ads-twitter.com *.clarity.ms *.cloudfront.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.invocacdn.com *.liveperson.net *.lpsnmedia.net *.mpio.io *.onesignal.com *.qualtrics.com *.quantcount.com *.quantserve.com *.serving-sys.com *.simpli.fi *.siteintercept.qualtrics.com *.talentegy.com *.tvsquared.com *.twitter.com *.v.liveperson.net *.vimeo.com *.vimeocdn.com aa.agkn.com ajax.aspnetcdn.com analytics.talentegy.com assets.sitescdn.net az416426.vo.msecnd.net bat.bing.com cdn.mouseflow.com cdn.popt.in chimpstatic.com data.adxcel-ec2.com embed.typeform.com forms.hsforms.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com my.hellobar.com onesignal.com pixel.mathtag.com pixel.videohub.tv pnapi.invoca.net px.ads.linkedin.com rules.quantcount.com s.amazon-adsystem.com s.pinimg.com s3.amazonaws.com/checkout.squadup.com/default/css/bootstrap-namespace.min.css sanfordhealth.mdmatchup.com script.crazyegg.com sc-static.net sfapi.formstack.io siteimproveanalytics.com snap.licdn.com static.addtoany.com static.cloud.coveo.com tags.srv.stackadapt.com tracking.logpostback.com transparency.nrchealth.com trkn.us v1.addthisedge.com www.buzzsprout.com www.groupexpro.com www.youtube.com www.ypo.education/js/jsembedcode.js z.moatads.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com www.mysanfordchart.org *.wp.com *.formstack.com *.gstatic.com *.vimeocdn.com cdn.thinglink.me checkout.stripe.com formsprod.azureedge.net onesignal.com static.cloud.coveo.com tags.srv.stackadapt.com www.groupexpro.com www.youtube.com;font-src 'self' data: *.fontawesome.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com *.wp.com *.formstack.com *.gstatic.com *.googleusercontent.com;frame-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com www.googletagmanager.com *.wp.com tools.sanfordhealthplan.com www.mysanfordchart.org *.addthis.com *.adsrvr.org *.c.liveperson.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.ipcamlive.com *.lpsnmedia.net *.snapchat.com *.soundcloud.com *.stripe.com *.twitter.com *.v.liveperson.net *.vimeo.com *.youtube.com cdn.onesignal.com e.issuu.com fast.wistia.net forms.hsforms.com host.visualcalc.com js.hsadspixel.net js.hsforms.net pixel.mathtag.com players.brightcove.net sanfordhealth.mdmatchup.com static.addtoany.com vimeo.com www.buzzsprout.com www.pinterest.ca www.pinterest.co.uk www.pinterest.com www.pinterest.fr www.pinterest.it www.pinterest.ph ct.pinterest.com www.thinglink.com;frame-ancestors 'self' www.mysanfordchart.org;connect-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com my.wpengine.com public-api.wordpress.com yoast.com *.addthis.com *.adroll.com *.clarity.ms *.doubleclick.net *.g.doubleclick.net *.gannettdigital.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.linkedin.oribi.io *.onesignal.com *.pinterest.com *.quantcount.com *.reachlocalservices.com *.serving-sys.com *.snapchat.com *.squadup.com *.twitter.com *.vimeocdn.com *.z1.dca0.com api.hubapi.com az416426.vo.msecnd.net bat.bing.com dc.services.visualstudio.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net js.hscollectedforms.net n2.mouseflow.com onesignal.com pnapi.invoca.net sanfordhealth.formstack.com sfapi.formstack.io usageanalytics.coveo.com;form-action 'self' *.fontawesome.com cdnjs.cloudflare.com *.sanfordhealthfoundation.org my.wpengine.com yoast.com *.adroll.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.pinterest.com *.serving-sys.com *.snapchat.com *.vimeocdn.com api.hubapi.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com;media-src * data:;object-src 'none';report-uri https://csp-reporting.sanfordhealth.org/; 2 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2 default-src data: 'unsafe-inline' 'unsafe-eval' https:; base-uri https:; form-action https:; frame-ancestors https:; report-uri https://torontopubliclibrary.report-uri.com/r/d/csp/reportOnly; 2 manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests ; frame-ancestors 'self' clientelastaging.papersource.com https://s7.addthis.com; form-action 'self' https://1.camp.papersource.com:9101 https://accounts.google.com https://www.facebook.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://papersource.resultsstage.com https://tagmanager.google.com https://papersource.resultspage.com https://cdn.cookielaw.org getfirebug.com fonts.googleapis.com *.subscribepro.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypal.com https://www.paypalobjects.com https://core.spreedly.com https://papersource.resultspage.com https://app.customily.com https://js-agent.newrelic.com https://papersource.resultsstage.com https://*.addthis.com https://*.addthisedge.com https://www.google-analytics.com https://*.optimove.net https://*.optimove.events https://static.zdassets.com https://bam.nr-data.net https://z.moatads.com https://v1.addthisedge.com https://widget-mediator.zopim.com/* https://widgets.pinterest.com https://graph.facebook.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://assets.pinterest.com/js/pinmarklet.js https://cdn.gartnerstudios.com https://tags.bkrtx.com https://cdn.attn.tv https://insights.bizrate.com https://*.bizrate.com *.mouseflow.com https://cdn.cookielaw.org assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.customily.com https://*.amazonaws.com *.vantivprelive.com *.vantivcnp.com https://www.mczbf.com https://service.maxymiser.net core.spreedly.com *.subscribepro.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; media-src https://static.zdassets.com; img-src 'self' data: https://*.scene7.com https://*.paypal.com https://www.paypalobjects.com https://store.paradoxlabs.com https://papersource.resultsstage.com https://assets.resultspage.com https://www.google-analytics.com https://*.optimove.net https://*.gstatic.com https://www.googletagmanager.com https://bam.nr-data.net https://stats.g.doubleclick.net https://api.gartnerstudios.com https://app.customily.com https://cm.g.doubleclick.net/pixel* https://create.paper-source.com/* https://gcm.optimove.events/setCookie* https://www.addthis.com/bookmark.php https://log.pinterest.com https://cm.g.doubleclick.net https://gcm.optimove.events https://www.google.com/ads/ga-audiences https://*.google.com https://*.papersource.com https://*.paper-source.com https://*.emjcd.com https://*.dotomi.com *.mouseflow.com https://cdn.cookielaw.org assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://*.customily.com https://*.amazonaws.com 'self' data: store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/* https://s7.addthis.com https://assets.pinterest.com https://login.dotomi.com https://www.google.com https://stags.bluekai.com https://core.conversant.mgr.consensu.org https://papersource.attn.tv fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de core.spreedly.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://static.zdassets.com https://tagmanager.google.com https://papersource.resultsstage.com fonts.googleapis.com fonts.gstatic.com https://*.customily.com https://*.amazonaws.com 'self' data: *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; connect-src 'self' https://*.addthis.com https://www.paypal.com https://*.optimove.events https://*.optimove.net https://ekr.zdassets.com https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://papersource.zendesk.com https://bam.nr-data.net wss://widget-mediator.zopim.com/* wss://widget-mediator.zopim.com https://static.zdassets.com https://app.customily.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://api.gartnerstudios.com/ https://cdn.gartnerstudios.com/ https://1.camp.papersource.com:9101/gartner/images https://*.sjwoe.co https://*.pinterest.com https://cdn.cookielaw.org https://*.googleapis.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://*.customily.com https://*.amazonaws.com *.mczbf.com *.doubleclick.net *.google-analytics.com *.zendesk.com *.optimove.net *.zopim.com *.attn.tv *.subscribepro.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; default-src 'self' https://static.zdassets.com https://s7.addthis.com/static/sh* 'self' 'unsafe-inline' 'unsafe-eval'; 2 font-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com *.hotjar.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.awin1.com *.zenaps.com *.fls.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com *.cookiebot.com www.youtube.com vars.hotjar.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.awin1.com *.zenaps.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com pls.webtype.com www.w3.org data: www.google.com www.google.de www.google.com.ua googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com *.ytimg.com bat.bing.com head.locally.com *.hotjar.com img.youtube.com *.oppwa.com oppwa.com https://a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adyen.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com js-agent.newrelic.com bam.nr-data.net www.google.com *.googleapis.com *.scarabresearch.com head.locally.com bat.bing.com hit.uptrendsdata.com/ static.hotjar.com script.hotjar.com www.googleadservices.com *.cookiebot.com connect.getflowbox.com www.gstatic.com *.abtasty.com *.oppwa.com oppwa.com https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com https://the.sciencebehindecommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com bam.nr-data.net webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com oppwa.com *.oppwa.com hit.uptrendsdata.com/ *.abtasty.com https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: 'unsafe-inline' 'unsafe-eval' data:;report-uri /error/cspreport;connect-src ws: https: 'unsafe-inline' 'unsafe-eval' data:; 2 frame-ancestors 'self'; report-uri https://www.goldcoastbulletin.com.au/csp-reports 2 script-src 'self' https://ajax.googleapis.com https://f1000research.s3-eu-west-1.amazonaws.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://js.hs-scripts.com 2 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk *.qumucloud.com static.ads-twitter.com t.co www.brightedge.com;https://public.tableau.com; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 2 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.wp.com http://*.wp.com *.wp.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://platform.twitter.com http://platform.twitter.com platform.twitter.com https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline'; 2 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.diadoc.ru/csp 2 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://prod-122.westeurope.logic.azure.com:443/workflows/01984d6e9c024329a7bc2f47040e07d6/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=OiubQKbOWclL4hq_kKfYYmI4qgZ00SPNA0A8ttRtsTQ 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src https: ws:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline';img-src 'self' data: https: 2 script-src 'self' 'unsafe-inline' chrome-extension: http://ajax.googleapis.com http://bitrix.info https://www.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru 'unsafe-eval' http://195.34.49.19 https://connect.facebook.net https://api-maps.yandex.ru https://yastatic.net http://p.mobilebanner.ru 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://mc.yandex.ru chrome-extension: https://ad.mail.ru https://mc.yandex.md https://dl.metabar.ru https://www.facebook.com https://mc.yandex.com http://guvenliinternet.turkcell.com.tr https://bilgilendirme.turkcell.com.tr; object-src 'self'; report-uri /cspreportonly; 2 default-src https: data: 'unsafe-inline' 'unsafe-eval';report-uri /wsapi/rest/v1/logging/reportcspviolation; 2 connect-src 'self' https://www.google-analytics.com; default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com https://secure.trust-provider.com http://www.trustlogo.com/; child-src https://helpdesk.netservicesgroup.com http://openspeedtest.com https://urldefense.proofpoint.com https://quickclick.com; style-src 'self' https://www.netservicesgroup.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://secure.trust-provider.com 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' https://secure.comodo.com; script-src 'self' https://secure.trust-provider.com http://www.trustlogo.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://secure.comodo.com 'sha256-YG4fTNWYCHAm4AVC2mnK8Tj09alaJWJTk+LJy+5kHho=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' 'sha256-/LNrhX3k9yooaUcjJ9wGqDoSJEFQEozZc8jtdbq+lMg=' 'sha256-ahfvWH65y6WEYvXXrsReZDD9l5f9wMFjeLjl+8hkRIg=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc='; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 2 default-src 'self' data: mediastream: blob: 'unsafe-inline' 'unsafe-eval' inline *.ibytedtos.com *.isnssdk.com *.resso.app resso.app *.resso.com resso.com *.resso.me *.snssdk.com *.byteoversea.net *.ibyteimg.com *.ipstatp.com *.tiktokv.com *.byteoversea.com music.tiktok.com tiktokmusic-test.bytedance.net;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=m_home 2 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.cmore.se https://*.cmore.dk https://*.cmore.no; report-uri https://csp-report.b17g.net/ 2 default-src 'self'; frame-src *.recaptcha.net platform.twitter.com *.youtube.com youtube.com; script-src 'sha256-L1bMXlxxAvxbfubAEeucoE+AYNcaqyQBjtpJ2A49Jy8=' 'self' 'self' *.procreate.art *.procreate.com *.sentry.io *.gstatic.com *.recaptcha.net *.youtube.com/embed platform.twitter.com *.google-analytics.com google-analytics.com https://www.gstatic.cn/recaptcha ssl.google-analytics.com; worker-src 'self' blob:; img-src 'self' 'unsafe-inline' blob: data: *.procreate.art *.procreate.com *.savage.si *.mux.com *.ytimg.com www.google-analytics.com ssl.google-analytics.com; connect-src 'self' blob: *.procreate.art *.procreate.com *.sentry.io *.savage.si *.google-analytics.com google-analytics.com *.mux.com www.google-analytics.com savage-support-request-files.s3-accelerate.amazonaws.com; media-src 'self' blob: *.procreate.art *.procreate.com *.savage.si *.mux.com; style-src 'unsafe-inline' *.procreate.art *.procreate.com; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; object-src 'none' 2 default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; referrer no-referrer-when-downgrade; upgrade-insecure-requests; block-all-mixed-content; report-uri https://cosmb.report-uri.io/r/default/csp/reportOnly; 2 default-src 'self' *.meo.pt *.altice-empresas.pt; script-src 'self' *.meo.pt *.altice-empresas.pt *.googletagmanager.com *.google-analytics.com *.google.com quantcast.mgr.consensu.org *.quantcast.mgr.consensu.org *.byside.com secure.quantserve.com cdnjs.cloudflare.com *.googleoptimize.com *.hotjar.com *.googleadservices.com googleads.g.doubleclick.net rules.quantcount.com connect.facebook.net u.heatmap.it analytics.tiktok.com tags.bkrtx.com img.botschool.ai gateway.zscaler.net *.gstatic.com selo.confio.pt maps.googleapis.com snap.licdn.com *.inside-graph.com 'unsafe-inline' 'unsafe-eval' ; style-src 'self' *.meo.pt *.altice-empresas.pt img.botschool.ai fonts.googleapis.com gateway.zscaler.net selo.confio.pt webcare.byside.com 'unsafe-inline' eu-cdn.inside-graph.com use.fontawesome.com; img-src 'self' *.meo.pt *.altice-empresas.pt *.google-analytics.com *.google.com quantcast.mgr.consensu.org *.quantcast.mgr.consensu.org *.byside.com *.google.pt picsum.photos *.picsum.photos www.facebook.com *.heatmap.it *.quantserve.com sync.1rx.io sync.targeting.unrulymedia.com *.googletagmanager.com img.botschool.ai gateway.zscaler.net pbs.twimg.com *.google.es thumbs.web.sapo.io thumbs.web.sapo.io *.googlesyndication.com googleads.g.doubleclick.net pixel.rubiconproject.com selo.confio.pt *.insided.com sync.teads.tv match.sharethrough.com *.googleapis.com *.gstatic.com *.inside-graph.com *.ads.linkedin.com *.linkedin.com *.qccerttest.com data:; font-src 'self' *.meo.pt *.altice-empresas.pt fonts.gstatic.com gateway.zscaler.net data:; connect-src 'self' *.meo.pt *.altice-empresas.pt *.googletagmanager.com *.google-analytics.com analytics.google.com quantcast.mgr.consensu.org *.quantcast.mgr.consensu.org *.byside.com *.doubleclick.net analytics.tiktok.com api.botschool.ai gateway.zscaler.net *.google.pt *.inside-graph.com *.sapo.pt *.hotjar.io *.analytics.google.com *.google-analytics.com *.googlesyndication.com signet-spot.telecom.pt *.hotjar.com maps.googleapis.com *.cmp.quantcast.com wss://*.byside.com wss://*.hotjar.com; prefetch-src 'self' *.meo.pt *.altice-empresas.pt gateway.zscaler.net; form-action 'self' *.meo.pt *.altice-empresas.pt www.facebook.com gateway.zscaler.net; base-uri 'self'; upgrade-insecure-requests ; frame-src 'self' *.meo.pt *.altice-empresas.pt *.hotjar.com *.facebook.com stags.bluekai.com *.doubleclick.net gateway.zscaler.net *.googletagmanager.com *.google.com eu-live.inside-graph.com signet-spot.telecom.pt meoteste.speedtestcustom.com www.youtube.com; frame-ancestors 'self' *.meo.pt *.altice-empresas.pt gateway.zscaler.net 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com tags.tiqcdn.cn collect.tealiumiq.com *.criteo.com *.criteo.net *.omtrdc.net *.yimg.jp *.yahoo.co.jp prf.hn *.doubleclick.net *.line.me *.google.com *.google.it *.bing.com *.google-analytics.com *.licdn.com *.tiktok.com sc-static.net *.usehero.com *.contentsquare.net *.demdex.net *.facebook.com *.googletagmanager.com *.facebook.net *.googleadservices.com *.teads.tv zegna.d3.sc.omtrdc.net www.google.* *.zegna.com *.measmerize.com *.googlesyndication.com maps.gstatic.com *.riskified.com sandbox.gestpay.net ecomm.sella.it *.online-metrix.net amp.akamaized.net *.snapchat.com *.gstatic.com *.go-mpulse.net cm.everesttech.net *.googleapis.com *.akstat.io *.akamaihd.net *.line-scdn.net *.algolianet.com *.algolia.net *.algolia.com zegna-cloud-media.s3.amazonaws.com zegna-cloud-media.s3.eu-west-1.amazonaws.com zegna-cloud-media.s3-eu-west-1.amazonaws.com livechat.zegna.cn *.baidu.com blob: data: ; font-src 'self' data: *.googleapis.com *.gstatic.com; report-uri /cgi-bin/csp_report.cgi 2 font-src fonts.gstatic.com maxcdn.bootstrapcdn.com www.manoloblahnik.com *.hotjar.com *.bglobale.com *.global-e.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.cybersource.com www.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.adyen.com www.google.com *.hotjar.com *.cybersource.com www.facebook.com www.youtube.com www.youtube-nocookie.com the-restory.app authentication.cardinalcommerce.com *.issuu.com *.online-metrix.net *.bglobale.com *.global-e.com testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.adyen.com blob *.alekseon-test.eu media-akam.licdn.com www.facebook.com maps.googleapis.com *.clarity.ms *.bing.com *.google.com *.googletagmanager.com manoloblahnik.com *.doubleclick.net.com ozplayer.global.ssl.fastly.net mcusercontent.com *.nr-data.net *.google.com.mx *.google.co.uk *.google.com.br *.google.co.in *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am; *.bglobale.com *.global-e.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.google.com www.gstatic.com maps.googleapis.com chimpstatic.com connect.facebook.net *.forter.com h.online-metrix.net cdnjs.cloudflare.com *.zdassets.com widget-mediator.zopim.com *.newrelic.com *.hotjar.com *.bing.com *.clarity.ms *.nr-data.net *.cardinalcommerce.com www.youtube.com *.online-metrix.net *.bglobale.com *.global-e.com testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fonts.net fonts.googleapis.com *.bootstrapcdn.com *.bglobale.com *.global-e.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com manolo.alekseon-test.eu www.manoloblahnik.com *.zdassets.com *.g.doubleclick.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.forter.com *.cloudfront.net wss://cdn0.forter.com www.google-analytics.com manoloblahnikhelp.zendesk.com *.zdassets.com *.widget-mediator.zopim.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.clarity.ms *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.googleapis.com *.bing.com stats.g.doubleclick.net www.google.com *.google.com www.facebook.com *.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com thm.visa.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.formstack.com https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://www.wordfence.com https://www.google.com https://apply.atomicdata.com https://www.youtube.com https://www.gstatic.com; connect-src 'self' https://hemsync.clickagy.com https://aorta.clickagy.com https://stats.g.doubleclick.net https://www.google-analytics.com https://ws.zoominfo.com; font-src 'self' data: https://static.formstack.com https://fonts.gstatic.com; img-src 'self' data: https://images.squarespace-cdn.com https://id.rlcdn.com https://atomicdata.formstack.com https://sync.crwdcntrl.net https://d.agkn.com https://aa.agkn.com https://cm.g.doubleclick.net https://idsync.rlcdn.com https://us-u.openx.net https://pixel-sync.sitescout.com https://dpm.demdex.net https://stags.bluekai.com https://aorta.clickagy.com https://px.ads.linkedin.com https://secure.gravatar.com https://www.google.com https://p.adsymptotic.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://static.formstack.com https://tags.clickagy.com https://atomicdata.formstack.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://code.visitor-track.com https://ws.zoominfo.com https://snap.licdn.com https://ml314.com https://www.google-analytics.com; report-uri https://atomicdata.report-uri.com/r/d/csp/wizard; 2 font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.facebook.com *.twitter.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.cloudfront.net *.baen.com *.twitter.com *.twimg.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com *.twitter.com *.twimg.com *.fontawesome.com *.facebook.net *.authorize.net *.simpli.fi *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.twitter.com *.twimg.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cloudflare.com *.authorize.net *.google-analytics.com *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromeenterprise_google 2 default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 2 font-src *.liqui-moly.com *.twofour.dev liquimoly.cloudimg.io *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.cookiebot.com *.amazon-adsystem.com insight.adsrvr.org *.facebook.com https://www.youtube.com https://www.googletagmanager.com/ *.google.com/ walls.io *.walls.io 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io liquimoly.cloudimg.io *.google.de *.google.com *.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com https://www.mollie.com *.cloudimg.io data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.liqui-moly.com *.twofour.dev *.cookiebot.com *.google-analytics.com *.googleadservices.com maps.googleapis.com connect.facebook.net service.liqui-moly.de http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com/ js.mollie.com *.cloudimg.io *.scaleflex.it walls.io *.walls.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.liqui-moly.com *.twofour.dev liquimoly.cloudimg.io *.fontawesome.com walls.io *.walls.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io *.liqui-moly.com *.twofour.dev *.cookiebot.com *.analytics.google.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ walls.io *.walls.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.liqui-moly.com *.twofour.dev 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors 'self'; report-uri https://www.cairnspost.com.au/csp-reports 2 object-src 'none'; 2 font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com *.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com *.criteo.com *.adform.net *.criteo.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.yotpo.com *.facebook.com *.cloudfront.net *.hsforms.com *.powerreviews.com *.stickyadstv.com *.cdninstagram.com *.emxdgt.com *.outbrain.com *.adnxs.com *.pubmatic.com *.3lift.com *.media.net *.casalemedia.com *.bidswitch.net *.revcontent.com *.teads.tv *.taboola.com *.smartadserver.com *.sharethrough.com *.360yield.com *.liadm.com *.criteo.com *.postrelease.com *.tremorhub.com *.mediavine.com *.yieldmo.com *.clmbtech.com *.bing.com *.dmxleo.com *.smaato.net *.tapad.com *.addthis.com *.digitaleast.mobi *.yahoo.com *.doubleclick.net *.mediawallahscript.com *.rlcdn.com *.acsbapp.com track.hubspot.com visitor.omnitagjs.com matching.ivitrack.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com *.criteo.net *.adform.net *.facebook.net *.cloudfront.net *.criteo.com *.hsforms.net *.hsforms.com *.powerreviews.com *.nr-data.net *.newrelic.com *.acsbapp.com foursixty.com *.googletagmanager.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net acsbapp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com *.typekit.net *.cloudfront.net *.powerreviews.com foursixty.com www.googletagmanager.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://www.google-analytics.com *.yotpo.com *.visitors.live *.luckyorange.net wss://visitors.live/socket.io/ *.doubleclick.net wss://in.visitors.live/socket.io/ *.powerreviews.com foursixty.com *.acsbapp.com *.nr-data.net *.foursixty.com analytics.google.com *.google.com forms.hubspot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; base-uri 'self'; child-src 'self'; connect-src 'self' widget.trustpilot.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com; font-src 'self' data:; form-action 'self'; frame-src 'self' widget.trustpilot.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com www.recaptcha.net; frame-ancestors 'none'; img-src 'self' data: widget.trustpilot.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com googleads.g.doubleclick.net; manifest-src 'none'; media-src 'none'; object-src 'none'; report-uri https://www.netim.com/bin/csp_report.php; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' widget.trustpilot.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com; script-src-elem 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' widget.trustpilot.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests; 2 default-src 'self' data: https: 'unsafe-inline' http://*.omniupdate.com *.twimg.com http://img.youtube.com d.adroll.mgr.consensu.org s.dca0.com; script-src 'self' 'unsafe-inline' *.emu.edu *.adroll.com script.crazyegg.com www.googletagmanager.com www.youvisit.com *.google-analytics.com pi.pardot.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net api.meritpages.com *.google.com *.googleapis.com *.addthis.com graph.facebook.com *.purechat.com *.purechatcdn.com *.ebscohost.com code.jquery.com 25livepub.collegenet.com widgets.pinterest.com platform.twitter.com instawidget.net *.twimg.com api.darksky.net assets.adobedtm.com embedr.flickr.com widgets.flickr.com s3.amazonaws.com d.adroll.mgr.consensu.org s.dca0.com; report-uri /is/csp/report/ 2 default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com *.connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com asciinema.org *.addtoany.com https://translate.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.connect.facebook.net/en_US/ https://stg.01.org/ https://code.jquery.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/ https://*.static.addtoany.com/menu/ https://static.addtoany.com/menu/page.js https://static.addtoany.com/menu/locale/ https://static.addtoany.com/menu/svg/icons.29.svg.js https://geoip-db.com/jsonp ; img-src 'self' data: blob: https://secure.gravatar.com/avatar/ https://software.intel.com/sites/ https://corpredirect.intel.com/ https://*.www.gstatic.com/images/ https://www.googletagmanager.com/ https://www.gstatic.com/images/branding/product/ http://1.bp.blogspot.com/ http://2.bp.blogspot.com/ http://3.bp.blogspot.com/ http://4.bp.blogspot.com/ https://asciinema.org/ https://img.youtube.com/vi/ https://www.google-analytics.com/collect https://lh3.googleusercontent.com/ https://lh4.googleusercontent.com/ https://lh5.googleusercontent.com/ https://lh6.googleusercontent.com/; font-src 'self' *.fonts.gstatic.com/s/roboto/v20/ https://*.fonts.gstatic.com/s/roboto/v20/; report-uri /admin/config/system/seckit/csp-report 2 object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self'; base-uri 'self'; frame-ancestors 'self' https: 2 object-src 'self' *.cined.com; report-uri /_/csp-report/ 2 default-src data: https: http://*.cdn.ngenix.net 'unsafe-inline' 'unsafe-eval'; report-uri https://www.b-kontur.ru/csp 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-inline' chrome-extension: https://www.googletagmanager.com https://mc.yandex.ru https://connect.facebook.net https://vk.com https://u008012.stepform.io https://www.google-analytics.com https://mc.yandex.com asset 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://www.facebook.com chrome-extension: https://mc.yandex.ru https://mc.yandex.md https://itbot.itpark.tech https://www.youtube.com https://dl.metabar.ru https://www.googletagmanager.com https://mc.yandex.com https://acestream.me; object-src 'self'; report-uri /cspreportonly; 2 upgrade-insecure-requests; default-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval'; 2 default-src 'none'; script-src 'self' https://api.cloudsponge.com https://cdn.plaid.com https://cdn.segment.com https://www.googletagmanager.com https://cdn.mxpnl.com https://www.google-analytics.com https://amplify.outbrain.com https://cdn.taboola.com https://trc.taboola.com https://static.ads-twitter.com https://snap.licdn.com https://www.googleadservices.com https://bat.bing.com https://tag.rmp.rakuten.com https://www.redditstatic.com https://s.yimg.com https://www.clickcease.com https://connect.facebook.net https://tr.outbrain.com https://b-code.liadm.com https://d.impactradius-event.com https://www.clarity.ms https://cdn.pdst.fm https://d18p8z0ptb8qab.cloudfront.net https://secure.quantserve.com https://rules.quantcount.com https://tags.srv.stackadapt.com https://www.krishetrk.com https://ext.chtbl.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com 'sha256-9NSB+DllU3BlD34AIE9bDhybGzPQuNOyfx//ClMfQ9w='; connect-src 'self' undefined https://*.ingest.sentry.io https://api.cloudsponge.com https://collect.cloudsponge.com https://cdn.segment.com https://api.segment.io https://www.google-analytics.com https://*.google-analytics.com https://trc.taboola.com https://bat.bing.com https://s.yimg.com https://rp.liadm.com/ https://f.clarity.ms https://tags.srv.stackadapt.com https://us-central1-adaptive-growth.cloudfunctions.net https://t.getletterpress.com/ https://tag.simpli.fi https://stats.g.doubleclick.net https://masterworks.536u.net https://*.optimizely.com; img-src 'self' data: https://s3.amazonaws.com/works.masterworks.io/* https://images.ctfassets.net https://api.cloudsponge.com https://www.google-analytics.com https://bat.bing.com https://tr.outbrain.com https://ciqtracking.com/ https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://adservice.google.com https://q.quora.com https://trkn.us https://data.adxcel-ec2.com https://ups.analytics.yahoo.com https://sp.analytics.yahoo.com https://us-u.openx.net https://t.co https://analytics.twitter.com https://alb.reddit.com https://px.ads.linkedin.com https://www.facebook.com https://x.bidswitch.net https://ib.adnxs.com https://aa.agkn.com https://pxl.qccerttest.com https://pixel.quantcount.com https://cdn.optimizely.com; style-src 'self' https://api.cloudsponge.com https://tags.srv.stackadapt.com; frame-ancestors 'none'; form-action 'self' https://www.facebook.com; manifest-src 'self'; font-src 'self'; frame-src https://cdn.plaid.com https://www.facebook.com https://a22148360054.cdn.optimizely.com https://a22148360054.cdn-pci.optimizely.com; upgrade-insecure-requests; report-to 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/wallet_google 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp: data:; report-uri /csp-report 2 report-uri /ui/csp-violations/;default-src 'none';img-src 'self' data: https:;base-uri 'self';block-all-mixed-content;form-action 'self';font-src 'self' https://fonts.gstatic.com data:;object-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://polyfill.io https://ssl.google-analytics.com https://cdn.walkme.com 'report-sample';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;media-src 'self';manifest-src 'self';connect-src 'self' 'report-sample' https://rum-http-intake.logs.datadoghq.com https://*.walkme.com https://ssl.google-analytics.com https://stats.g.doubleclick.net;frame-src 'self' https://cdn.walkme.com https://*.vetconnectplus.com;frame-ancestors * 2 connect-src https://www.overstockgovernment.com http://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.com:* https://*.hotjar.io https://bam.nr-data.net https://stats.g.doubleclick.net https://www.google-analytics.com wss://*.hotjar.com;default-src 'self' https://www.overstockgovernment.com 'unsafe-inline' http://www.googletagmanager.com/ https://stats.g.doubleclick.net https://www.google-analytics.com;font-src http://*.hotjar.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://fonts.gstatic.com;frame-src http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io;img-src https://www.overstockgovernment.com data: http://*.hotjar.com http://*.hotjar.io https://listen.audiohook.com https://*.hotjar.com https://*.hotjar.io https://ak1.ostkcdn.com https://p.adsymptotic.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com;object-src 'none';report-uri https://api.overstock.com/contentsecurity/report;script-src 'self' 'unsafe-inline' http://*.hotjar.com http://*.hotjar.io http://js-agent.newrelic.com http://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net https://js-agent.newrelic.com https://snap.licdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com;style-src-elem https://www.overstockgovernment.com 'unsafe-inline' https://fonts.googleapis.com 2 default-src 'self' https: data: wss: about: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_reports.json; 2 frame-ancestors 'self'; report-uri https://api.mobilepay.dk/cspreporting/mobilepay-dk 2 default-src 'self' https://*.lisboa.pt https://*.cm-lisboa.pt; img-src https: blob: data:; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://*.readspeaker.com https://chatwidget.dashboard-visor.com https://cdnjs.cloudflare.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com/ https://*.googleapis.com https://*.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' https://*.cloudflare.com https://*.dashboard-visor.com https://*.fontawesome.com https://*.kaspersky-labs.com https://*.readspeaker.com https://*.cloudflare.com https://*.dashboard-visor.com https://*.googleapis.com https://*.jsdelivr.net https://*.mapbox.com https://*.readspeaker.com https://*.bootstrapcdn.com https://*.fontawesome.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.4ddons.com https://*.dashboard-visor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.jquery.com https://*.readspeaker.com https://*.googleapis.com https://code.jquery.com https://chatwidget.dashboard-visor.com https://*.readspeaker.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.com https://cdnjs.cloudflare.com https://api.mapbox.com https://npmcdn.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.youtube.com/ https://*.appybook.com https://*.bol.pt https://*.facebook.net https://*.google-analytics.com https://*.svn0czn.com https://*.tryinteract.com; script-src-elem 'self' 'unsafe-inline' https://*.bol.pt https://*.cdnjs.com https://*.dashboard-visor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hublosk.com https://*.jquery.com https://*.jscontent.net https://*.jullyambery.net https://*.kellyfight.com https://*.npmcdn.com https://*.readspeaker.com https://*.youtube.com https://*.appybook.com https://*.bol.pt https://*.dashboard-visor.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.jquery.com https://*.pagespeed-mod.com https://*.readspeaker.com https://*.ritta.local https://*.tryinteract.com https://*.acestream.net https://*.bootstrapcdn.com https://*.cdnjs.com https://*.cloudflare.com https://*.dashboard-visor.com https://*.fontawesome.com https://*.googleapis.com https://*.jsdelivr.net https://*.kaspersky-labs.com https://*.mapbox.com https://*.npmcdn.com https://*.pilaff-up.ru https://*.readspeaker.com https://*.youtube.com; connect-src 'self' data: https://*.doubleclick.net https://*.glitch.com https://*.glitch.me https://*.kellyfight.com https://*.ucweb.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://chatwidget.dashboard-visor.com wss://chatwidget.dashboard-visor.com https://services.arcgis.com https://*.mapbox.com https://*.googleapis.com/ https://*.doubleclick.net https://*.readspeaker.com; frame-src 'self' https://*vimeo.com https://*.zscloud.net https://*.appybook.com https://*.bol.pt https://*.city-platform.com https://*.cm-lisboa.pt https://*.googletagmanager.com https://*.knightlab.com https://*.lisboa.pt https://*.moz.com https://*.tryinteract.com https://*.vimeo.com https://*.vkanalytics.net https://*.youtube-nocookie.com https://*.youtube.com; font-src 'self' https://*.avast.com https://*.cloudflare.com https://*.ss-cdn.com https://*.windows.net https://fonts.gstatic.com https://chatwidget.dashboard-visor.com https://*.fontawesome.com https://*.avast.com https://*.github.com https://*.typekit.net data:; media-src 'self' https://*.dashboard-visor.com data:; worker-src 'self' blob:; report-uri /fma/csp.php 2 font-src *.fontawesome.com 'self' *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com account.fetchify.com https://www.google.com/ https://www.youtube.com https://www.googletagmanager.com/ https://www.facebook.com https://www.e-shop-direct.com https://handel.ortlieb.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.facebook.com https://www.magezon.com https://www.mollie.com https://med-euw3c.squarelovin.com/ https://www.google.*/ads/ https://www.facebook.com https://cdn.ywxi.net https://maps.googleapis.com https://maps.gstatic.com https://www.e-shop-direct.com https://www.google-analytics.com https://www.google.com https://www.google.de 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googletagmanager.com *.facebook.net *.google.com js.mollie.com 'report-sample' https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://*.cookiefirst.com/ https://chimpstatic.com/ https://squarelovin.com/squarelovin.js https://squarelovin.com/api/index/get-stream-media/ https://connect.facebook.net/signals/config/995641483818596 https://consent.cookiefirst.com/banner.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ecommerce.js https://cdn.klarna.com/1.0/code/client/all.js https://maps.googleapis.com/maps/api/js https://www.e-shop-direct.com/libs/js/jquery-3.1.1.min.js https://unpkg.com/web-vitals@0.2.2/dist/web-vitals.es5.umd.min.js *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com *.fontawesome.com 'report-sample' https://*.cookiefirst.com/ https://*.squarelovin.com/squarelovin.css https://med-cf-1.squarelovin.com https://www.e-shop-direct.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'none' 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.google-analytics.com https://static.cookiefirst.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/tr/ t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://static.cloudflareinsights.com https://maxcdn.bootstrapcdn.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io https://blog.geaerospace.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://reactjs.org https://www.google.com https://www.gstatic.com https://www.youtube.com https://www.ge.com https://www.gepowerconversion.com https://view.ceros.com https://pdfjs-express.s3-us-west-2.amazonaws.com https://c.evidon.com https://www.googletagmanager.com https://ge.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://stats.g.doubleclick.net https://optoutapi.evidon.com https://l3.evidon.com https://graph.instagram.com https://js-agent.newrelic.com *.nr-data.net https://fssfedpitc.ge.com https://cdn.taboola.com https://secure.adnxs.com https://pubads.g.doubleclick.net https://ad.doubleclick.net https://trc.taboola.com https://trc-events.taboola.com https://ajax.cloudflare.com https://cds.taboola.com https://pips.taboola.com https://tags.crwdcntrl.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://bcp.crwdcntrl.net/6/map *.google-analytics.com *.analytics.google.com https://cdn.nmgassets.com https://tsdtocl.com https://www.googleadservices.com https://acsbapp.com https://cdn.acsbapp.com https://l.evidon.com https://bid.g.doubleclick.net https://fonts.googleapis.com https://captcha.gecirtnotification.com *.licdn.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://gateway.zscalertwo.net; img-src * data: blob:; object-src 'self'; form-action *; frame-ancestors 'self' 2 report-uri /_/csp-reports 2 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.klevu.com *.ksearchnet.com *.yotpo.com x.klarnacdn.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.facebook.com https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com/ *.doubleclick.net *.flashtalking.com unpkg.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com *.youtube.com *.paypal.com *.paypalobjects.com *.usehero.com *.braintreegateway.com *.cookiebot.com *.hotjar.com *.facebook.com *.kaptcha.com https://store.plumrocket.com *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.pmtonline.co.uk *.clarity.ms *.cloudfront.net unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klevu.com *.ksearchnet.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.trustpilot.com *.nosto.com *.amazonaws.com *.finance-calculator.co.uk *.paypal.com *.gstatic.com *.google.co.uk *.usehero.com *.bing.com *.postcodeanywhere.co.uk *.googletagmanager.com *.yotpo.com blob: x.klarnacdn.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.cloudfront.net *.tradedoubler.com *.email.pmtonline.co.uk *.mateti.net *.newrelic.com *.nr-data.net *.zdassets.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.trustpilot.com *.nosto.com *.klevu.com polyfill.io *.finance-calculator.co.uk *.paypal.com *.gstatic.com *.usehero.com *.postcodeanywhere.co.uk *.pcapredict.com *.cardinalcommerce.com *.hotjar.com *.cookiebot.com *.bing.com https://analytics.tiktok.com *.zuko.io *.yotpo.com *.clarity.ms *.klarnaservices.com x.klarnacdn.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.googleapis.com *.doubleclick.net unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klevu.com *.ksearchnet.com unsafe-inline *.trustpilot.com *.nosto.com *.finance-calculator.co.uk *.usehero.com *.postcodeanywhere.co.uk *.yotpo.com x.klarnacdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.usehero.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.cloudfront.net *.dycdn.net *.freshrelevance.com wss://*.freshrelevance.com *.mateti.net *.pmtonline.co.uk *.zdassets.com *.zendesk.com *.nr-data.net *.bing.com tbs.pvnsolutions.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.trustpilot.com *.finance-calculator.co.uk *.paypal.com *.nosto.com *.google.com *.braintreegateway.com *.usehero.com *.postcodeanywhere.co.uk *.cardinalcommerce.com *.doubleclick.net *.zuko.io https://analytics.tiktok.com *.hotjar.io *.hotjar.com *.yotpo.com *.cookiebot.com *.clarity.ms *.sentry.io *.klarnaservices.com x.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.youtube.com *.cookiebot.com *.showefy.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.gstatic.com *.google.com *.usercentrics.eu https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.newrelic.com *.nr-data.net *.googleapis.com *.addtoany.com *.zdassets.com *.facebook.com *.cookiebot.com *.pinterest.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.nr-data.net *.zendesk.com *.zopim.com *.zdassets.com wss://widget-mediator.zopim.com *.doubleclick.net *.teads.tv www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' data 'unsafe-inline' 'unsafe-eval' *.scoresense.com *.scoresensebasic.com *.freescoreonline.com *.nationalcreditreport.com *.freescore360.com https://img1.cdn180.net *.google.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apigateway.scoresense.com/ https://www.cardratings.com https://img1.cdn180.net https://safetechpageencryptionvar.chasepayment.com https://safetechpageencryptionvar.chasepaymentech.com *.salesforceliveagent.com cardratings.com seal-dallas.bbb.org seal.digicert.com https://fqtag.com *.fqtag.com https://safetechpageencryption.chasepaymentech.com https://www.googletagmanager.com www.google-analytics.com bat.bing.com *.siteintercept.qualtrics.com https://cdn.decibelinsight.net blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.facebook.net seal-dallas.bbb.org https://img1.cdn180.net; img-src * 'self' data: https:; connect-src 'self' ws: wss: *.decibelinsight.net *.facebook.com *.execute-api.us-east-1.amazonaws.com *.onetechnologies.net stats.g.doubleclick.net *.siteintercept.qualtrics.com *.fqtag.com https://fqtag.com/pixel https://apigateway.scoresense.com https://seal.digicert.com https://images.scanalert.com https://seal-dallas.bbb.org https://onetechnologies.secure.force.com https://www.gstatic.com https://fonts.googleapis.com https://c.la1-c1-ia5.salesforceliveagent.com https://www.googletagmanager.com https://consumerconnect.tui.transunion.com ; font-src 'self' https://fonts.gstatic.com ; frame-src ; frame-ancestors *.scoresense.com *.freescoreonline.com *.nationalcreditreport.com; report-to ot-reporter; report-uri https://xtvenwskmk.execute-api.us-east-1.amazonaws.com/infosec 2 default-src 'self' cdn.yellowmessenger.com fonts.gstatic.com www.g2.com; script-src 'self' f.vimeocdn.com js-agent.newrelic.com cdn.yellowmessenger.com pi.pardot.com bam.nr-data.net go.leadspace.com cdnjs.cloudflare.com sfc.leadspace.com www.googletagmanager.com cmp.osano.com www.google-analytics.com googleads.g.doubleclick.net snap.licdn.com stats.sa-as.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com connect.facebook.net tracking.g2crowd.com static.hotjar.com www.g2.com script.hotjar.com platform.twitter.com static.ads-twitter.com; style-src 'self' cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com www.g2.com; img-src 'self' www.g2.com px.ads.linkedin.com media-exp1.licdn.com stats.sa-as.com px4.ads.linkedin.com www.google.com p.adsymptotic.com www.facebook.com cdn.yellowmessenger.com; report-uri ls-endpoint; report-to ls-default 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: sdk.privacy-center.org sdc-bdt.caissedesdepots.fr ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 2 default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://reports.hrmdirect.com https://*.etcconnect.com;style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://reports.hrmdirect.com https://www.highend.com https://fonts.googleapis.com https://*.etcconnect.com;object-src 'none';img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://*.etcconnect.com;report-uri /Handlers/CspReports.ashx?type=REPORTONLY; 2 script-src 'unsafe-eval' 'unsafe-inline' data: 'self' blob: www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.google.com js.klevu.com www.gstatic.com *.cloudmaestro.com www.googleadservices.com googleads.g.doubleclick.net r2-t.trackedlink.net static.hotjar.com wchat.freshchat.com staticw2.yotpo.com browser-update.org script.hotjar.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam-cell.nr-data.net connect.facebook.net *.freshchat.com maps.googleapis.com assets.adobedtm.com www.googleoptimize.com h.online-metrix.net *.cardinalcommerce.com html5.dcatalog.com unpkg.com commerce.adobedtm.com cdnjs.cloudflare.com web-sdk.aptrinsic.com commerce.adobe.net fonts.googleapis.com magento-recs-sdk.adobe.net static.trackedweb.net tags.srv.stackadapt.com snap.licdn.com tags.srv.stackadapt.com bat.bing.com e.performancehealth.com f.vimeocdn.com tags.srv.stackadapt.com bam.nr-data.net services-connector-ui.magento-ds.com; style-src 'self' 'unsafe-inline' wchat.freshchat.com fonts.googleapis.com js.klevu.com tags.srv.stackadapt.com staticw2.yotpo.com; report-uri /.webscale/csp-report 2 style-src 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com;style-src-elem 'self' 'unsafe-inline' *.helsana.ch fonts.googleapis.com translate.googleapis.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de use.fontawesome.com;img-src 'self' data: *.helsana.ch *.pinterest.com s0.2mdn.net bat.bing.com www.facebook.com connect.facebook.net cm.everesttech.net dpm.demdex.net apple-resources.s3.amazonaws.com *.applemediaservices.com *.googlesyndication.com *.gstatic.com maps.googleapis.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net t.co *.linkedin.com *.google.com *.google.ch *.google.de *.google.fr *.google.li *.google.it *.google.ad *.google.ae *.google.al *.google.at *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.ca *.google.cd *.google.cg *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.ga *.google.gr *.google.ht *.google.hr *.google.hu *.google.ie *.google.iq *.google.jo *.google.lk *.google.lt *.google.lu *.google.lv *.google.me *.google.mg *.google.ml *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.si *.google.sk *.google.sn *.google.tg *.google.tn *.google.tt *.google.vg *.google.co.ao *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.th *.google.co.uk *.google.co.za *.google.com.af *.google.com.ar *.google.com.au *.google.com.bh *.google.com.bo *.google.com.br *.google.com.co *.google.com.cy *.google.com.ec *.google.com.eg *.google.com.gh *.google.com.hk *.google.com.kh *.google.com.lb *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ni *.google.com.pe *.google.com.pk *.google.com.py *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com interaktiv.contilla.de;font-src 'self' data: *.gstatic.com d3dc1lgancj6l0.cloudfront.net use.fontawesome.com *.helsana.ch;media-src 'self' data: blob: *.helsana.ch d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com;object-src 'none';worker-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com analytics.twitter.com snap.licdn.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net maps.googleapis.com www.googletagmanager.com assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.helsana.ch cdn.cookielaw.org static.ads-twitter.com snap.licdn.com analytics.twitter.com *.pinterest.com s.pinimg.com *.gstatic.com api.microsofttranslator.com bat.bing.com www.google.ch www.google.com www.google.de www.google.fr *.googlesyndication.com *.doubleclick.net www.googletagservices.com consentcdn.cookiebot.com www.googleadservices.com www.google-analytics.com connect.facebook.net consent.cookiebot.com cdn.tt.omtrdc.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net interaktiv.contilla.de;connect-src 'self' wss://*.helsana.ch *.helsana.ch maps.googleapis.com privacyportal-eu.onetrust.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cookielaw.org api.sitesearch360.com *.ads-twitter.com *.linkedin.com *.pinterest.com api.openweathermap.org www.facebook.com www.bing.com bat.bing.com *.googlesyndication.com *.google.com *.doubleclick.net www.google-analytics.com tt.omtrdc.net dpm.demdex.net wss://umd.userlike.com umd.userlike.com api.userlike.com d3upe020n1uosc.cloudfront.net www.userlike.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu interaktiv.contilla.de;frame-src 'self' *.helsana.ch *.pinterest.ch *.pinterest.com *.google.com *.googlesyndication.com bid.g.doubleclick.net consentcdn.cookiebot.com www.youtube.com fls.doubleclick.net assets.adobedtm.com www.facebook.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com player.vimeo.com *.undpartner.digital;frame-ancestors 'self' *.helsana.ch;report-uri https://helsana.report-uri.com/r/d/csp/wizard;report-to wizard; 2 default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: region1.google-analytics.com www.google-analytics.com www.googletagmanager.com *.cadooz.com *.doubleclick.net fonts.gstatic.com google.com cdnjs.cloudflare.com www.otto.de www.google.com www.google.de www.gstatic.com hcaptcha.com *.linkedin.com de.trustpilot.com newassets.hcaptcha.com widget.trustpilot.com; form-action *.cadooz.com; frame-ancestors 'self' ; report-uri /csp_report 2 img-src https://higherlogicdownload.s3.amazonaws.com/NACE/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogiclongterm.s3.amazonaws.com/NACE/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicstream.s3.amazonaws.com/NACE/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-08-16.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 2 child-src 'self'; connect-src 'self' http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.hotjar.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amplitude.com https://*.cloudflare.com https://*.contentful.com https://*.delighted.com https://*.facebook.com https://*.fullstory.com https://*.g.doubleclick.net https://*.getsentry.com https://*.githubusercontent.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.herokuapp.com https://*.hotjar.com https://*.hotjar.com:12443 https://*.intercom.io https://*.intercomcdn.com https://*.lever.co https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.segment.io https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.wistia.com https://github.com https://heapanalytics.com https://sumo.com https://twitter.com ws://*.hotjar.com wss://*.appcues.net wss://*.hotjar.com wss://*.intercom.io; default-src 'self'; font-src 'self' chrome-extension: data: http://*.sqreen.io https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.intercomcdn.com https://*.sqreen.com https://*.sqreen.io https://*.twimg.com https://*.wistia.com https://github.com; frame-src 'self' 'unsafe-inline' http://*.appcues.com http://*.g.doubleclick.net http://*.hotjar.com https://*.akamaihd.net https://*.amazonaws.com https://*.appcues.com https://*.facebook.com https://*.g.doubleclick.net https://*.hotjar.com https://*.recurly.com https://*.sqreen.com https://*.twitter.com https://*.typeform.com https://*.wistia.com https://headway-widget.net ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.adnxs.com http://*.facebook.net http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.googleadservices.com http://*.googletagmanager.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com http://t.co https://*.addthis.com https://*.adnxs.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.b-cdn.net https://*.clearbit.com https://*.cloudfront.net https://*.ctfassets.net https://*.facebook.com https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.mx https://*.google.com.ph https://*.google.com.sg https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.se https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.linkedin.com https://*.marinsm.com https://*.openx.net https://*.prfct.co https://*.reddit.com https://*.rubiconproject.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.twimg.com https://*.twitter.com https://*.univide.com https://*.wistia.com https://*.yahoo.com https://heapanalytics.com https://sqreen-assets.s3-eu-west-1.amazonaws.com https://sumo.com https://t.co https://twitter.com; manifest-src 'self' https://*.sqreen.com; media-src 'self' https://*.akamaihd.net https://*.cloudfront.net https://*.intercomcdn.com https://*.wistia.com; object-src 'self' https://*.akamaihd.net https://*.wistia.com; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.ads-twitter.com http://*.appcues.com http://*.facebook.net http://*.g.doubleclick.net http://*.getdrip.com http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.heapanalytics.com http://*.hotjar.com http://*.perfectaudience.com http://*.prfct.co http://*.segment.com http://*.sqreen.io http://heapanalytics.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.amplitude.com https://*.appcues.com https://*.b-cdn.net https://*.bufferapp.com https://*.cloudflare.com https://*.cloudfront.net https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.getdrip.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.headwayapp.co https://*.heapanalytics.com https://*.herokuapp.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.jquery.com https://*.licdn.com https://*.linkedin.com https://*.marketo.net https://*.perfectaudience.com https://*.pinterest.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.redditstatic.com https://*.segment.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.twitter.com https://*.typeform.com https://*.wistia.com https://fullstory.com https://heapanalytics.com https://reddit.com https://twitter.com ws://*.hotjar.com wss://*.hotjar.com wss://*.intercom.io; style-src 'self' 'unsafe-inline' http://*.appcues.com http://*.sqreen.io http://heapanalytics.com https://*.amazonaws.com https://*.appcues.com https://*.b-cdn.net https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.sqreen.com https://*.sqreen.io https://*.twitter.com https://heapanalytics.com; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; 2 font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.snapchat.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.gomoxie.solutions *.braintreegateway.com *.snapchat.com *.doubleclick.net *.paypal.com *.paypalobjects.com *.google.com *.kaptcha.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com maps.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.doubleclick.net d1dwsi2ysdg1so.cloudfront.net us.coca-cola.com cocacola.scene7.com ct.pinterest.com *.facebook.com *.userway.org *.agkn.com *.google.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net rpxnow.com *.rpxnow.com forty11115.pcapredict.com *.gomoxie.solutions js-agent.newrelic.com *.google.com *.gstatic.com bam.nr-data.net *.coca-cola.com *.pricespider.com *.googletagmanager.com sc-static.net *.sc-static.net *.pinimg.com cdn.kxrd.net *.userway.org *.doubleclick.net connect.facebook.net cdn.krxd.net cdn.cookielaw.org api.addressy.com *.paypal.com *.ccnag.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline display.ugc.bazaarvoice.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.gomoxie.solutions p.typekit.net *.pricespider.com api.addressy.com cdn.cookielaw.org *.fontawesome.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.shareacoke.com *.gomoxie.solutions bam.nr-data.net *.braintreegateway.com *.paypal.com *.google-analytics.com *.doubleclick.net *.coca-cola.com *.facebook.com ct.pinterest.com *.userway.org *.coke.com api.addressy.com *.ccnag.com *.paypalobjects.com *.snapchat.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cokestore.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2 font-src cdnjs.cloudflare.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com magento.buildify.shop *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com platform.twitter.com magento.buildify.shop c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com platform.twitter.com platform.instagram.com apis.google.com magento.buildify.shop https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdnjs.cloudflare.com fonts.googleapis.com magento.buildify.shop https://static.klaviyo.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com player.vimeo.com www.youtube.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 2 frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global *.elama.zone elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://img.en25.com/ https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com/ https://sc-static.net https://browser-update.org https://cdn.cookielaw.org *.salesforceliveagent.com ttps://browser-update.org/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://geolocation.onetrust.com https://script.crazyegg.com https://www.google-analytics.com https://cdn.siteimprove.net https://unpkg.com https://*.siteimprove.com *.youtube.com https://*.userzoom.com https://cdn.jsdelivr.net/; base-uri 'none'; form-action 'self' https://www.facebook.com https://tr.snapchat.com ; object-src 'none'; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://cdn.jsdelivr.net/; img-src 'self' data: https://tr.snapchat.com/ *.salesforceliveagent.com https://www.facebook.com/ https://webtracking.aucmed.edu/ *.google.com *.google.com.br *.google.com.uk *.google.com.ca *.google.com.fr *.google-analytics.com *.ytimg.com *.siteimproveanalytics.io https://americanuniversityofcarribean.secure.force.com https://cdn.jsdelivr.net/; media-src 'self'; frame-src 'self' *.youtube.com https://www.facebook.com/ *.doubleclick.net https://tr.snapchat.com; frame-ancestors 'none'; child-src 'self' *.youtube.com ; font-src 'self' https://themes.googleusercontent.com https://use.typekit.net; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.siteimprove.com/ https://script.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com/; report-uri /report-csp-violation 2 child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self' https://*.launchdarkly.com https://*.forter.com https://d3in1te4fdays6.cloudfront.net https://d1wix2gc2cgqis.cloudfront.net wss://cdn0.forter.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net; img-src 'self' amplifypixel.outbrain.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net pingclock.net graph.facebook.com data:; script-src-elem 'self' 'unsafe-inline' *.pci.favor.dev *.favorengineering.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net ont.net wss://cdn0.forter.com *.pci-np.favor.dev *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com www.google.com web.btncdn.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io; script-src 'self' 'unsafe-eval' https://*.forter.com https://dkupaw9ae63a8.cloudfront.net *.favorengineering.com *.pci.favor.dev *.pci-np.favor.dev cdn.siftscience.com js.stripe.com maps.googleapis.com www.google.com web.btncdn.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com fonts.googleapis.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com *.pci-np.favor.dev bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/wizard; worker-src blob: 2 default-src 'self' blob:; img-src 'self' data: *; media-src * blob:; script-src 'self' https://kapsch.net https://www.kapsch.net https://*.usercentrics.eu www.googletagmanager.com www.google-analytics.com data: www.googleadservices.com snap.licdn.com analytics.twitter.com static.ads-twitter.com www.youtube.com tools.euroland.com 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net connect.facebook.net 'unsafe-eval' blob: streamer.a1.net webcast.a1.net vjs.zencdn.net 'report-sample'; connect-src 'self' https://*.usercentrics.eu www.google-analytics.com www.googleadservices.com snap.licdn.com analytics.twitter.com static.ads-twitter.com noembed.com streamer.a1.net webcast.a1.net; frame-src 'self' https: https:; style-src 'self' 'unsafe-inline' hello.myfonts.net streamer.a1.net webcast.a1.net vjs.zencdn.net; font-src 'self' data:; manifest-src 'self'; report-uri /csp-violation-report/ 2 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com js.stripe.com cdn.dnky.co webchat.dotdigital.com *.gigya.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.gigya.com 'self' data: 'unsafe-inline' data: *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.stripe.com cdn.conekta.io conektaapi.s3.amazonaws.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.gigya.com s7.addthis.com *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com 'unsafe-inline' data: unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.conekta.io api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ *.mercadopago.com *.mercadolibre.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' blob: https://*.lynxbroker.de https://*.lynxbroker.ch https://*.lynxbroker.at https://sentry2.lynx-trader.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://code.jquery.com https://www.googletagmanager.com https://*.cookiebot.com https://connect.facebook.net https://www.google-analytics.com https://bat.bing.com data: https://siegel.ausgezeichnet.org https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://amplify.outbrain.com https://tr.outbrain.com https://*.taboola.com https://cdn.pushcrew.com https://fat.financeads.net https://www.dwin1.com https://www.google.com https://www.gstatic.com https://cdn.datatables.net https://www.youtube.com https://www.googleadservices.com https://www.awin1.com https://cdnjs.cloudflare.com https://pushcrew.com https://*.pushcrew.com https://service.lynx.nl https://*.wistia.com https://www.googleoptimize.com https://optimize.google.com https://js.adsrvr.org https://p.teads.tv https://*.twitter.com https://*.clarity.ms https://*.ads-twitter.com https://*.livechatinc.com https://pixel.adcrowd.com https://googleads.g.doubleclick.net https://*.trustpilot.com https://widget.trustpilot.com ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://pushcrew.com https://cdn.pushcrew.com https://cdn.datatables.net https://code.jquery.com https://fonts.googleapis.com https://cdn-images.mailchimp.com https://optimize.google.com https://hilfe.lynxbroker.de ; img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://bat.bing.com *.gravatar.com https://*.ausgezeichnet.org https://pushcrew.com https://*.pushcrew.com https://*.linkedin.com https://tr.outbrain.com https://cds.taboola.com https://www.awin1.com https://www.googletagmanager.com https://cdn.datatables.net https://www.financeads.net https://www.google.com https://*.doubleclick.net https://hilfe.lynxbroker.de https://www.google.nl https://www.google.de https://i.ytimg.com https://p.adsymptotic.com https://cdn.lynxbroker.com https://www.lynxbroker.de https://www.lynxbroker.ch https://www.lynxbroker.at https://service.lynx.nl https://*.wistia.com https://gallery.mailchimp.com https://www.gstatic.com https://t.co https://*.clarity.ms https://*.teads.tv https://*.bing.com https://*.cloudfront.net https://analytics.twitter.com https://secure.adnxs.com ; font-src 'self' data: https://fonts.gstatic.com https://*.lynxbroker.de https://*.lynxbroker.ch https://*.lynxbroker.at https://*.fourthline.com ; frame-src 'self' https://*.cookiebot.com https://www.facebook.com https://vars.hotjar.com https://www.google.com https://us-central1-madrid-investing.cloudfunctions.net https://www.youtube.com https://lynx-germany.softgarden.io https://www.awin1.com https://web.facebook.com https://html5-player.libsyn.com https://fast.wistia.net https://optimize.google.com https://*.doubleclick.net https://servedby.flashtalking.com https://insight.adsrvr.org https://play.libsyn.com https://secure.livechatinc.com https://*.trustpilot.com https://*.adsrvr.org ; frame-ancestors 'self' ; connect-src 'self' https://*.lynx-webservice.com https://*.lynx-trader.com https://www.google-analytics.com https://*.hotjar.com https://lynx-webservice.com https://lynx-webservice.de https://docs.google.com wss://*.hotjar.com https://vc.hotjar.io https://*.bing.com https://trc-events.taboola.com https://hilfe.lynxbroker.de https://lynxsolr.de https://cdn.datatables.net https://www.google.com https://*.pushcrew.com https://*.facebook.com https://*.googleusercontent.com https://*.wistia.com https://*.litix.io https://*.cookiebot.com https://*.googlesyndication.com https://*.doubleclick.net https://*.teads.tv https://*.clarity.ms https://*.google-analytics.com ; media-src https://s3.eu-west-1.amazonaws.com https://s3.eu-central-1.amazonaws.com https://*.lynxbroker.de https://*.lynxbroker.ch https://*.lynxbroker.at https://cdn.livechatinc.com; 2 default-src 'self' *.experteer.com gap://ready https:; font-src 'self' *.experteer.com fonts.gstatic.com https: data: 'unsafe-inline'; img-src 'self' *.experteer.com https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' *.experteer.com www.google-analytics.com www.linkedin.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.experteer.com https: 'unsafe-inline'; connect-src 'self' *.experteer.com https: wss://ws.inspectlet.com www.google-analytics.com; report-uri https://www.experteer.com/csp_violation_notifications 2 default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://cdn-custom.optimonk.com https://at.alicdn.com https://cdn.honey.io; img-src 'self' data: https://laced-testing.imgix.net https://laced.imgix.net https://scoutapm.com https://apm.scoutapp.com https://laced-production.s3.eu-west-2.amazonaws.com https://www.google-analytics.com https://bat.bing.com https://www.facebook.com https://www.google.com https://www.google.com.cy https://www.google.co.uk https://t.paypal.com https://editor-upload-cdn.optimonk.com https://www.zenaps.com https://www.google.de https://www.googletagmanager.com https://translate.google.com https://www.google.co.th https://www.gstatic.com https://www.google.com.hk https://www.google.com.sa https://www.google.com.jm https://www.google.es https://www.awin1.com https://googleads.g.doubleclick.net https://*.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com http://widget.trustpilot.com https://bat.bing.com https://apm.scoutapp.com/ https://scoutapm.com https://www.dwin1.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://front.optimonk.com https://connect.facebook.net https://gs-cdn.optimonk.com https://static.hotjar.com https://script.hotjar.com https://www.paypal.com https://js.stripe.com https://www.paypalobjects.com https://www.googleadservices.com https://tpc.googlesyndication.com https://the.sciencebehindecommerce.com https://www.zenaps.com https://*.getdrip.com; style-src 'self' 'unsafe-inline' https://scoutapm.com https://apm.scoutapp.com https://www.googletagmanager.com https://cdn-asset.optimonk.com https://fonts.googleapis.com https://translate.googleapis.com https://cdn.honey.io; connect-src 'self' https://www.google-analytics.com https://bat.bing.com/ https://stats.g.doubleclick.net https://www.sandbox.paypal.com https://www.paypal.com https://www.facebook.com https://vc.hotjar.io https://front.optimonk.com https://region1.google-analytics.com https://jfapiprod.optimonk.com https://in.hotjar.com https://adservice.google.com https://telemetrics.klaviyo.com https://www.google.com https://cdn-renderer.optimonk.com https://a.klaviyo.com wss://*.hotjar.com https://*.hotjar.com https://the.sciencebehindecommerce.com https://api-js.mixpanel.com https://laced-production.s3.eu-west-2.amazonaws.com https://cdn.growthbook.io; frame-src 'self' https://widget.trustpilot.com/ https://js.stripe.com/ https://vars.hotjar.com https://www.paypalobjects.com https://www.facebook.com https://www.zenaps.com https://tpc.googlesyndication.com; report-uri /csp_report 2 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.reviews.io *.reviews.co.uk *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.reviews.io *.reviews.co.uk lootly.io *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://www.googletagmanager.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.yotpo.com data: 'self' 'unsafe-inline'; script-src lootly.io *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://*.bablic.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.reviews.io *.reviews.co.uk *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com unsafe-inline *.cloudfront.net *.reviews.io *.reviews.co.uk *.typekit.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://c.bablic.com https://e2.bablic.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudfront.net *.reviews.io *.reviews.co.uk ws: lootly.io *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube-marketing/artists_youtube 2 script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://www.google.com 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 2 font-src fonts.googleapis.com fonts.gstatic.com data: *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sfdcstatic.com *.socialannex.com *.script.hotjar.com https://script.hotjar.com/font-hotjar_5.65042d.woff2 https://script.hotjar.com/font-hotjar_5.0ddfe2.ttf https://script.hotjar.com/font-hotjar_5.17b429.woff 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com www.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.google.com https://service.force.com/ https://vars.hotjar.com/ https://www.chasepaymentechhostedpay-var.com/ https://www.chasepaymentechhostedpay.com/ https://directory.scouting.org/ http://directory.scouting.org/ www.facebook.com googleads.g.doubleclick.net *.braintreegateway.com/ *.kaptcha.com/ *.paypal.com/ www.youtube.com media.boyslife.org c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' blob: data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.cdninstagram.com *.fbcdn.net data: *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.yotpo.com *.mediafiles.scoutshop.org *.cdn.socialannex.com *.widgets.magentocommerce.com https://cdnazure-socialannexinc.netdna-ssl.com https://mediafiles.scoutshop.org/ https://cdn.socialannex.com https://www.facebook.com http://cdn.socialannex.com/custom_images/9991741/UVGD7L_logo.png http://cdn.socialannex.com/custom_images/1122330/N5C7XG_VZW1WW_close.png *.google.com *.scoutshop.org *.google.co.in *.googletagmanager.com 89086.global.siteimproveanalytics.io *.nextopia.net script.hotjar.com *.clarity.ms *.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com *.my.salesforce.com *.lightning.force.com *.secure.force.com static.klaviyo.com static-tracking.klaviyo.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.connect.facebook.net *.service.force.com *.cdn.nextopia.net *.nextopiasoftware.com *.cdn.socialannex.com *.salesforceliveagent.com *.code.jquery.com https://service.force.com https://service.force.com/embeddedservice/5.0/esw.min.js https://cdn.nextopia.net/nxt-app/fca482e10d6c3e13d7748571d09f15d2.js https://cdn.nextopia.net/nxt-app/2515ea380310e97ec5b1c6947a2a0670.js https://service.force.com/embeddedservice/5.0/client/liveagent.esw.min.js https://cdn.socialannex.com/partner/1122331/universal.js http://cdn.socialannex.com/partner/1122331/sas22CustomVC.js http://cdn.socialannex.com/s22/templatebase/s22-all.js http://cdn.socialannex.com/s22/templatebase/s22-vanilla-slider.js https://service.force.com/embeddedservice/5.0/client/invite.esw.min.js http://code.jquery.com/jquery-migrate-1.4.1.min.js https://cdn.socialannex.com/s22/s22-smarty-template-engine.js http://cdn.socialannex.com/s22/templatebase/s22-bxslider.js https://cdn.socialannex.com/s22/s22-acmc.js http://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/fbevents.js *.s23.socialannex.com http://s23.socialannex.com/v4/js/s23-main-curl.js https://s23.socialannex.com/v4/js/s23-main-curl.js http://cdn.socialannex.com/s23/v4/mustache.js http://cdn.socialannex.com/s28/v2.0/s28-starrating-lib.js https://cdn.socialannex.com/s28/v2.0/s28-starrating-lib.js http://cdn.socialannex.com/partner/1122331/sas28CustomRAR.js https://cdn.socialannex.com/partner/1122331/sas28CustomRAR.js http://cdn.socialannex.com/s28/v2.0/s28-reviewrating.js https://script.hotjar.com/modules.901d255c60be478c0407.js *.googletagmanager.com https://stats.g.doubleclick.net/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/incoming-feedback.573ff3cea08d248d8964.js *.gtm.js *.googleoptimize.com *.newrelic.com/ siteimproveanalytics.com connect.facebook.net c.socialannex.com *.paypal.com/ script.crazyegg.com *.clarity.ms *.ecomm-nav.com *.hotjar.io *.hotjar.com bam-cell.nr-data.net *.nr-data.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.secure.force.com *.klaviyo.com *.cloudflare.com *.googleapis.com *.google.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.socialannex.com https://service.force.com *.nextopia.net https://static.klaviyo.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com *.mediafiles.scoutshop.org https://mediafiles.scoutshop.org/Media/video_scouttalk_sbsa_1920x1080.mp4 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.secure.force.com *.nr-data.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.socialannex.com *.analytics.js *.google-analytics.com *.stats.g.doubleclick.net https://stats.g.doubleclick.net https://script.hotjar.com/modules.901d255c60be478c0407.js https://fast.a.klaviyo.com *.klaviyo.com telemetrics.klaviyo.com https://static-forms.klaviyo.com wss://ws20.hotjar.com a.klaviyo.com *.braintree-api.com *.braintreegateway.com/ *.crazyegg.com *.clarity.ms *.hotjar.io *.hotjar.com *.facebook.com wss: https://static.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.gstatic.com data: *.rakuten.com *.facebook.com *.braintreegateway.com *.google.com *.adobedtm.com *.authorize.net *.paypal.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.cardinalcommerce.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.cdn.dnky.co *.dotdigital-pages.com *.comapi.com *.dotdigital.com *.facebook.net *.trackedweb.net *.yotpo.com *.salecycle.com *.linksynergy.com *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.listrakbi.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.xtento.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ *.salecycle.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.listrakbi.com *.bing.com *.vimeo.com *.paypalobjects.com *.sandbox.paypal.com *.hotjar.com *.adelixir.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud documentcloud.adobe.com *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de *.yotpo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com www.xtento.com cdn.xtento.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.rakuten.com *.braintreegateway.com *.google.com *.authorize.net *.paypal.com *.ytimg.com *.vimeo.com *.cardinalcommerce.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.cdn.dnky.co *.dotdigital-pages.com *.comapi.com *.dotdigital.com *.facebook.net *.trackedweb.net *.yotpo.com *.salecycle.com *.linksynergy.com *.rlcdn.com *.listrakbi.com *.google.co.in *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com www.xtento.com cdn.xtento.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.rakuten.com *.braintreegateway.com *.google.com *.authorize.net *.paypal.com *.ytimg.com *.vimeocdn.com *.cardinalcommerce.com *.payments-amazon.de *.cdn.dnky.co *.comapi.com *.dotdigital.com *.facebook.net *.yotpo.com *.salecycle.com *.linksynergy.com *.google.co.in *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.listrakbi.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com imagemarker.com *.magentosite.cloud documentcloud.adobe.com *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.rakuten.com *.facebook.com *.braintreegateway.com *.google.com *.adobedtm.com *.authorize.net *.paypal.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.cardinalcommerce.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.cdn.dnky.co *.dotdigital-pages.com *.comapi.com *.dotdigital.com *.facebook.net *.trackedweb.net *.yotpo.com *.salecycle.com *.linksynergy.com *.listrakbi.com data: *.google.co.in *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud documentcloud.adobe.com *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.rakuten.com *.braintreegateway.com *.google.com *.adobedtm.com *.authorize.net *.paypal.com *.ytimg.com *.vimeo.com *.vimeocdn.com *.cardinalcommerce.com *.payments-amazon.co.uk *.payments-amazon.com *.payments-amazon.co.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cdn.dnky.co *.comapi.com *.dotdigital.com *.facebook.net *.yotpo.com *.salecycle.com *.linksynergy.com data: *.listrakbi.com *.google.co.in *.google-analytics.com *.doubleclick.net *.listrak.com *.googletagmanager.com *.bing.com *.paypalobjects.com *.sandbox.paypal.com *.pinimg.com *.hotjar.com *.adelixir.com *.batbing.com *.pinterest.com *.nr-data.net *.youtube.com *.addthis.com *.marker.io *.moatads.io *.moatads.com *.cloudflare.com *.addthisedge.com chimpstatic.com imagemarker.com *.magentosite.cloud *.b-cdn.net *.cookiebot.com detail-cdn.s3.eu-central-1.amazonaws.com *.adobe.io *.payenginge.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: *.hoddereducation.co.uk *.risingstars-uk.com *.hoddergibson.co.uk *.hoddereducation.sg *.galorepark.co.uk *.hachette.co.uk *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.osano.com *.api.osano.com; report-uri /api/csp/log-csp-violation 2 font-src *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.zendesk.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ *.fontawesome.com 'self' data: fonts.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.zendesk.com *.twitter.com *.facebook.com *.zopim.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://test-api.viedu.org https://api.viedu.org https://test-launchpad.viedu.org https://launchpad.viedu.org https://luau-api.dev.viedu.org https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.sharethis.com https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bookshark.com *.sonlight.com *.gstatic.com *.zdassets.com https://widget-mediator.zopim.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.zendesk.com *.zopim.com *.chimpstatic.com chimpstatic.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.addtoany.com *.calendly.com https://calendly.com/ https://app.viralsweep.com https://edge.addthis.com https://cdn.datatables.net *.addthis.com *.klaviyo.com *.pinterest.com *.sonlightconnections.com https://c.sharethis.mgr.consensu.org/ https://anchor.fm https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.wesupply.xyz www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.zdassets.com *.chimpstatic.com chimpstatic.com *.zendesk.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.cdninstagram.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ https://a1.b0e8.com/ https://match.adsrvr.org/ https://insight.adsrvr.org/ https://px.steelhousemedia.com/ https://match.sharethrough.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com https://vimeo.com *.instagram.com wss://*.zopim.com *.zdassets.com *.zendesk.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.api.sonlight.com *.braintree-api.com *.pinterest.com https://js-agent.newrelic.com/ *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.nr-data.net *.calendly.com https://calendly.com/ https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://cdn.bc0a.com/ https://cdn1.b0e8.com/ https://dx.mountain.com/ https://px.mountain.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.zdassets.com *.zendesk.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ unsafe-inline https://static.klaviyo.com fonts.googleapis.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bookshark.com *.sonlight.com *.zdassets.com *.zopim.com *.addtoany.com *.pinterest.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.vimeo.com https://vimeo.com *.libsyn.com *.blubrry.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.zdassets.com *.zendesk.com wss://*.zopim.com *.chimpstatic.com chimpstatic.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.addtoany.com *.pinterest.com *.bam.nr-data.net https://bam.nr-data.net https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.addthis.com https://stats.g.doubleclick.net/ https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://maps.googleapis.com/ https://ixfd2-api.bc0a.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ t.elasticsuite.io https://www.google-analytics.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.ridestore.org *.ingest.sentry.io android-webview-video-poster: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.facebook.net *.facebook.com *.sentry.io *.getsentry.com *.ingest.sentry.io *.klarnacdn.net *.klarnaevt.com *.klarna.com *.klarnaservices.com *.online-metrix.net *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.adyen.com *.paypal.com *.paypalobjects.com *.fitanalytics.com *.livechatinc.com *.try-snowplow.com *.trustedshops.com *.getmdl.io *.tiktok.com; object-src 'none'; media-src 'self' data: *.ctfassets.com *.ctfassets.net *.livechatinc.com; frame-src 'self' *.sentry.io *.getsentry.com *.facebook.com *.klarnacdn.net *.klarnaevt.com *.klarna.com *.klarnaservices.com *.paypalobjects.com *.paypal.com *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.adyen.com *.fitanalytics.com *.livechatinc.com *.youtube.com *.videodelivery.net; report-uri https://o45992.ingest.sentry.io/api/5893254/security/?sentry_key=8a3336bf0af649cc8131a1785e058755&sentry_environment=production 2 default-src 'self' cdn.synthetix.com ssc.synthetix.com; img-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com *.hotjar.io; font-src *.gstatic.com *.hotjar.com *.hotjar.io; frame-src *.facebook.com *.twitter.com *.hotjar.com *.hotjar.io *.google.com *.youtube.com https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk/ https://wjec-cbac.leadfamly.com/ *.issuu.com/; object-src https://wjecwebsitelive.blob.core.windows.net; connect-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.hotjar.io *.google-analytics.com *.hotjar.com *.fullstory.com *.doubleclick.net wss://*.hotjar.com *.getaddress.io; style-src 'self' 'unsafe-inline' cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googleapis.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googletagmanager.com googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net 2 font-src fonts.googleapis.com fonts.gstatic.com https://cdn.checkout.com https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com assets.braintreegateway.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://js.checkout.com *.klarna.com https://*.cylindo.com/ https://www.google.com *.nosto.com *.nos.to *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.cylindo.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.checkout.com *.klarnacdn.net https://*.cylindo.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com https://www.gstatic.com js.klevu.com *.ksearchnet.com *.nosto.com *.nos.to https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://cdn.checkout.com https://*.cylindo.com/ https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://js.checkout.com *.klarnaevt.com https://*.cylindo.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.allesedv.at/mixedContentReporting.php 2 frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; manifest-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.nr-data.net https://*.zendesk.com https://*.google.com https://*.bsnteamsports.com https://*.fancloth.shop https://*.bsnteamsports.com https://*.fancloth.shop https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://ajax.googleapis.com https://assets.zendesk.com https://bam.nr-data.net https://code.jquery.com https://f.vimeocdn.com https://google-analytics.com https://googletagmanager.com https://js-agent.newrelic.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://player.vimeo.com https://*.xisecurenet.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://static.zdassets.com https://theme.zdassets.com https://use.fontawesome.com https://v2.zopim.com https://www.google-analytics.com https://*.googletagmanager.com https://www.vimeo.com https://widget-mediator.zopim.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://graph.facebook.com https://js.facebook.com https://use.typekit.net https://www.googleadservices.com https://unpkg.com https://cdn.jsdelivr.net https://d10lpsik1i8c69.cloudfront.net https://dev.visualwebsiteoptimizer.com; style-src 'self' 'report-sample' 'unsafe-inline' *.zdassets.com *.fontawesome.com *.bootstrapcdn.com *.typekit.net *.google.com *.bsnteamsports.com *.fancloth.shop *.bsnteamsports.com *.fancloth.shop *.googleapis.com cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com unpkg.com cdn.jsdelivr.net; object-src *.googlesyndication.com; frame-src 'self' *.vimeo.com vars.hotjar.com www.googletagmanager.com www.google.com *.paymetric.com bid.g.doubleclick.net; child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net *.vimeo.com connect.facebook.net vimeo.com www.googletagmanager.com; img-src 'self' data: blob: *.zopim.io *.zopim.com *.zendesk.com *.zdusercontent.com *.zdassets.com *.vimeocdn.com *.vimeo.com *.nr-data.net *.google.com *.google-analytics.com ajax.googleapis.com code.jquery.com *.bsnteamsports.com *.fancloth.shop *.bsnteamsports.com *.fancloth.shop *.bsnsports.com *.gstatic.com googleads.g.doubleclick.net script.hotjar.com pulse.art.bsnsports.com ssgsales.com www.facebook.com *.googletagmanager.com dev.visualwebsiteoptimizer.com; font-src 'self' data: *.zopim.com *.fontawesome.com *.bootstrapcdn.com *.bsnteamsports.com *.fancloth.shop *.bsnteamsports.com *.fancloth.shop *.typekit.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com static.zdassets.com; connect-src 'self' *.zopim.io *.zopim.com *.zendesk.com *.zdassets.com *.nr-data.net *.hotjar.io *.hotjar.com *.google.com *.fontawesome.com *.bsnteamsports.com *.fancloth.shop *.analytics.google.com ajax.googleapis.com code.jquery.com fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net settings.luckyorange.net vimeo.com www.facebook.com www.ssgecom.com *.google-analytics.com *.googletagmanager.com wss://in.visitors.live wss://visitors.live wss://*.hotjar.com wss://widget-mediator.zopim.com; form-action 'self' *.google.com *.facebook.com connect.facebook.net; media-src 'self' *.vimeo.com static.zdassets.com vimeo.com; prefetch-src 'self'; worker-src 'self' blob: www.google.com; report-uri https://62e17a85e7a4e344fdd77145.endpoint.csper.io?v=1 2 img-src 'self' www.google-analytics.com www.facebook.com https://*.keywee.co https://*.quantserve.com images.getinconvo.com attachments-bucket-eu-west-1-prod.s3.eu-west-1.amazonaws.com data:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net ws://*.sessioncam.com wss://*.sessioncam.com; connect-src 'self' https://mandg.scene7.com https://*.pru.co.uk https://*.akamaihd.net https://*.akstat.io https://*.demdex.net https://*.go-mpulse.net https://*.sessioncam.com https://d2oh4tlt9mrke9.cloudfront.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://assets.adobedtm.com https://cdn.cookielaw.org https://cm.everesttech.net https://geolocation.onetrust.com https://www.google-analytics.com https://privacyportal-de.onetrust.com https://prudential.distribution.team.prudential.co.uk https://search-api.swiftype.com https://smetrics.mandg.com https://stats.g.doubleclick.net https://prudentialdistributi.tt.omtrdc.net https://policylookup.mandg.com; font-src 'self' data: https://api.fundpress.io https://fonts.gstatic.com; form-action 'self' https://*.pru.co.uk https://prudential.distribution.team.prudential.co.uk; frame-ancestors 'self' https://www.mymandg.co.uk https://*.pru.co.uk https://*.fundslibrary.co.uk; frame-src 'self' https://*.demdex.net https://*.pru.co.uk https://*.pruadviser.co.uk https://www.brighttalk.com https://digitalsecure.mandg.com https://forms.mymandg.co.uk https://securedigital.wealth.mandg.com https://securedigital.pru.mandg.com https://securedigital.prudential.co.uk https://secure.digital.mandg.com https://www.google.com https://irpages2.equitystory.com https://insight.adsrvr.org https://infogram.com https://e.infogram.com https://match.adsrvr.org https://mandg.fidainformatica.it https://mandg.videomarketingplatform.co https://recaptcha.google.com https://view.ceros.com https://www.youtube-nocookie.com https://igccharges.mandg.com; img-src 'self' https://mandg.scene7.com data: https://*.akstat.io https://*.demdex.net https://*.sessioncam.com https://ad.doubleclick.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://adservice.google.com https://assets.adobedtm.com https://cm.everesttech.net https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://i.ytimg.com https://smetrics.mandg.com https://ttcontacts.com https://797110.global.siteimproveanalytics.io; media-src blob: https://mandg.scene7.com https://mandg.videomarketingplatform.co; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mandg.scene7.com https://*.demdex.net https://*.go-mpulse.net https://*.pru.co.uk https://d2oh4tlt9mrke9.cloudfront.net https://assets.adobedtm.com https://api.fundpress.io https://cdn.cookielaw.org https://cm.everesttech.net https://e.infogram.com https://geolocation.onetrust.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' https://mandg.scene7.com https://*.demdex.net https://*.go-mpulse.net https://*.pru.co.uk https://d2oh4tlt9mrke9.cloudfront.net https://api.fundpress.io https://api-rel.fundpress.io https://api-uk.kurtosys.app https://assets.adobedtm.com https://www.brighttalk.com https://cdn.cookielaw.org https://cm.everesttech.net https://e.infogram.com https://geolocation.onetrust.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://js.adsrvr.org https://report.23video.com https://siteimproveanalytics.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://mandg.scene7.com https://fonts.googleapis.com; base-uri 'self' 2 default-src https: http: data: wss://*.forter.com 'unsafe-inline' 'unsafe-eval'; connect-src https: http: wss://*.forter.com; frame-ancestors 'self' https: http: *.czs.org 172.21.2.30 www.chasepaymentechhostedpay.com object-src 'self'; img-src 'unsafe-eval' 'unsafe-inline' data: blob: *; font-src 'self' data: https: http: *.typekit.net; script-src 'unsafe-eval' 'unsafe-inline' blob: data: https: http: 'self' emarketing.activenetwork.com d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com kpstat.forter.com:7043 www.google.com maps.google.com maps.googleapis.com ssl.google-analytics.com www.google-analytics.com www.gstatic.com embed.idonate.com use.typekit.net cdn-js.net cdnjs.cloudflare.com d35u1vg1q28b3w.cloudfront.net partners.cmptch.com static.cmptch.com scriptcdn.net auctioneer.50million.club m.addthis.com s7.addthis.com m.addthisedge.com lkysearchex3688-a.akamaihd.net analyticspage.tools apiurl.org appsource.cool countmake.cool fp166.digitaloptout.com eluxer.net mirextpro.com z.moatads.com secure.myshopcouponmac.com payperclickadz.com cdn.pmqzads.com qdatasales.com widget-prime.rafflecopter.com srvvtrk.com pwm-image.trendmicro.com gateway.zscloud.net; style-src 'unsafe-eval' 'unsafe-inline' 'self' accessibility-bookmarklets.org emarketing.activenetwork.com cdnjs.cloudflare.com use.fontawesome.com fonts.googleapis.com hello.myfonts.net pwm-image.trendmicro.com; report-uri https://bzcsp.report-uri.com/r/d/csp/reportOnly 2 default-src 'self' data: https://fonts.gstatic.com https://api.faqbot.co https://dstnyfrance.piwik.pro https://dstnyfrance.containers.piwik.pro https://*.hcaptcha.com ; script-src 'self' https://www.gstatic.com https://cdn.jsdelivr.net https://code.jquery.com https://dstnyfrance.containers.piwik.pro https://browser-update.org https://faqbot.co https://js.hcaptcha.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://ajax.googleapis.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' data: https://fonts.gstatic.com ; img-src 'self' data: https://api.faqbot.co https://browser-update.org https://dstnyfrance.piwik.pro https://www.gstatic.com https://secure.gravatar.com ; connect-src 'self' https://newassets.hcaptcha.com https://api.faqbot.co https://dstnyfrance.piwik.pro https://dstnyfrance.containers.piwik.pro ; frame-ancestors 'self' ; child-src 'self' https://forms.zohopublic.com https://newassets.hcaptcha.com ; report-uri https://csp-report.jetpulp.hosting/ 2 frame-ancestors 'none'; base-uri 'none'; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://api-adresse.data.gouv.fr https://grenoblealpesmetropole.matomo.cloud; img-src https: data:; frame-src https:; form-action 'self' https://harpe.grenoble.fr; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /include/csp.php 2 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' diypestcontrol.com admin.diypestcontrol.com www.diypestcontrol.com www.googletagmanager.com www.dwin1.com static.klaviyo.com chimpstatic.com www.googleadservices.com static-tracking.klaviyo.com googleads.g.doubleclick.net diypestcontrol.ladesk.com widget.trustpilot.com invitejs.trustpilot.com www.google-analytics.com bat.bing.com www.google.com www.gstatic.com; report-uri /.webscale/csp-report 2 font-src https://*.gstatic.com fonts.googleapis.com fonts.gstatic.com *.narvar.com *.narvar.qa script.hotjar.com *.googleapis.com *.gstatic.com au-tracker.inside-graph.com au-cdn.inside-graph.com 'self' data: integration-sandbox-cdn.toshi.co integration-cdn.toshi.co acsbapp.com shopping.qantas.com appdown.pstatic.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 0merchantacsstag.cardinalcommerce.com geostag.cardinalcommerce.com www.facebook.com tst.kaptcha.com bid.g.doubleclick.net 'self' 'unsafe-inline'; frame-ancestors au-tracker.inside-graph.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com vars.hotjar.co vimeo.com acsbapp.com ssl.kaptcha.com player.smartzer.com www.google.com t.sharethis.com tst.kaptcha.com bid.g.doubleclick.net www.facebook.com accounts.accessibe.com dashboard.accessibe.com www.paypalobjects.com acestream.me 3ds.sia.eu www.houzz.com acs2.3dsecure.no *.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com https://*.gstatic.com maps.googleapis.com maps.gstatic.com *.narvar.com *.narvar.qa www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com adservice.google.com script.hotjar.com www.google.com www.google.sa www.google.ca *.bing.com *.clarity.ms data:* web1.acsbapp.com integration-sandbox-cdn.toshi.co www.google.bg www.google.be www.google.co.uk www.google.nl www.gstatic.com www.googletagmanager.com translate.google.com idsync.rlcdn.com consent.linksynergy.com au-live.inside-graph.com bam-cell.nr-data.net integration-cdn.toshi.co bat.bing.com www.google.com.au google.com.au qhn06m.a.searchspring.io 6umcpw.a.searchspring.io q4p7ce.a.searchspring.io you9wl.a.searchspring.io slc.stats.paypal.com 64.media.tumblr.com www.zimmermannwear.com www.zimmermann.com staging3.zimmermannwear.com staging3.zimmermann.com au-cdn.inside-graph.com platform-cdn.sharethis.com hnd.stats.paypal.com d3cgm8py10hi0z.cloudfront.net track.linksynergy.com l.sharethis.com www.facebook.com www.google.co.in googleads.g.doubleclick.net log-papago.naver.com www.google.com.mx www.google.com.br web.facebook.com m.facebook.com www.google.co.ma www.google.ru www.google.at www.google.it www.google.co.nz www.google.se www.google.no www.google.de www.google.fr www.google.hr www.google.pl www.google.lt www.google.ae www.google.ch www.google.pt www.google.co.vi www.google.com.bh www.google.dk www.google.es www.google.cl www.google.com.do www.google.ro www.google.co.za www.google.co.ao www.google.lu www.google.com.sa www.google.com.kw www.google.com.qa www.google.hu www.google.com.ua www.google.com.tr www.google.gr www.google.ie www.google.hn www.google.com.ar www.google.am www.google.com.jm www.google.com.co log.pinterest.com tags.rd.linksynergy.com ct.pinterest.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.youtube.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://cdn.searchspring.net/intellisuggest/is.min.js script.crazyegg.com www.googleoptimize.com www.clarity.ms *.clarity.ms ut.rd.linksynergy.com songbird.cardinalcommerce.com tag.lexer.io bat.bing.com tag.rmp.rakuten.com www.fullstory.com songbirdstag.cardinalcommerce.com www.gstatic.com www.google.com au-cdn.inside-graph.com cdn.searchspring.net acsbapp.com googleadservices.com google-analytics.com paypalobjects.com paypal.com sandbox.paypal.com vimeocdn.com googletagmanager.com youtube.com trackedlink.net trackedweb.net dotdigital-pages.com client-analyticsbraintreegateway.com au-tracker.inside-graph.com intljs.rmtag.com cdn.scarabresearch.com au-live.inside-graph.com platform-api.sharethis.com platform-cdn.sharethis.com buttons-config.sharethis.com l.sharethis.com t.sharethis.com fullstory.com integration-sandbox-cdn.toshi.co integration-cdn.toshi.co bam-cell.nr-data.net js-agent.newrelic.com connect.facebook.net googleads.g.doubleclick.net assets.giocdn.com mayg6.svn0czn.com www.shopstylecollective.com ln-rules.rewardstyle.com fq1frg.a6rm7n.com web1.acsbapp.com *.hotjar.com auctioneer.50million.club bam.nr-data.net s.pinimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com/ fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com unsafe-inline cdn.honey.io cdn.searchspring.net au-cdn.inside-graph.com *.aptrinsic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://beacon.searchspring.io/beacon script.crazyegg.com *.hotjar.io wss://*.hotjar.com *.hotjar.com *.clarity.ms www.clarity.ms staging3.zimmermannwear.com staging3.zimmermann.com www.google.com track.lexer.io maps.googleapis.com centinelapi.cardinalcommerce.com adservice.google.com bat.bing.com stats.g.doubleclick.net www.tryzens-analytics.com www.tryzens-analytics.com:12280 kg668dbov0.execute-api.us-east-1.amazonaws.com au-cdn.inside-graph.com notify.bugsnag.com qhn06m.a.searchspring.io 6umcpw.a.searchspring.io q4p7ce.a.searchspring.io you9wl.a.searchspring.io writer.cardinalcommerce.com centinelapistag.cardinalcommerce.com 7dgmrv.a.searchspring.io services.postcodeanywhere.co.uk uat.tryzens-analytics.com:12280 amcglobal.sc.omtrdc.net au-live.inside-graph.com vimeo.com cdn.acsbapp.com recommender.scarabresearch.com wss://au-live.inside-graph.com l.sharethis.com sessions.bugsnag.com bam-cell.nr-data.net www.google-analytics.com www.facebook.com api.toshi.co staging.api.toshi.co www.googletagmanager.com ad.doubleclick.net web1.acsbapp.com rs.fullstory.com bam.nr-data.net ct.pinterest.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://0594ebf9e3dab534acdba65c6100b639.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2 form-action localmonero.co; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com localmonero.co; frame-ancestors 'self' ; report-uri /csp_report 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/edu_google 2 img-src https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ 'self' https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicstream.s3.amazonaws.com/CSIRESOURCES/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-08-16.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 2 font-src *.fontawesome.com https://*.tassimo.com https://*.lorespresso.com https://fonts.gstatic.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://*.fls.doubleclick.net https://vars.hotjar.com https://*.pinterest.com https://*.criteo.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.google.com.ua https://adservice.google.com https://ade.googlesyndication.com https://www.googletagmanager.com https://*.doubleclick.net https://eu-west-1-wtb-tag-api.swaven.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://*.bing.com https://*.pinterest.com https://*.yotpo.com https://*.clarity.ms https://*.cookielaw.org https://jde.blueconic.net https://*.contentsquare.net https://*.bidswitch.net https://*.adnxs.com https://*.casalemedia.com https://*.360yield.com https://*.media.net https://*.mediavine.com https://*.outbrain.com https://*.pubmatic.com https://*.rubiconproject.com https://*.sharethrough.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.yahoo.com https://*.adform.net https://*.omnitagjs.com https://*.criteo.com https://id5-sync.com https://*.ivitrack.com https://*.tremorhub.com https://*.yieldlab.net https://*.yieldmo.com https://*.openx.net https://*.krxd.net https://*.1rx.io https://*.thebrighttag.com https://*.eyeota.net https://*.tapad.com https://*.postcodeanywhere.co.uk *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://unpkg.com *.avada.io https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.gstatic.com https://*.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.blueconic.net https://jdeco11112.pcapredict.com https://*.swaven.com https://*.usabilla.com https://cdn.cookielaw.org https://connect.facebook.net https://*.hotjar.com https://p.teads.tv https://www.dwin1.com https://bat.bing.com https://s.pinimg.com https://swrap.tradedoubler.com https://ad.avtm.fr https://*.clarity.ms https://staticw2.yotpo.com https://mpsnare.iesnare.com https://*.contentsquare.net https://*.criteo.com https://*.cloudfront.net https://*.postcodeanywhere.co.uk https://*.boost.ai *.yotpo.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://*.tassimo.com https://*.lorespresso.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com https://*.postcodeanywhere.co.uk *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://mpsnare.iesnare.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://*.blueconic.net https://*.swaven.com https://www.google.com https://www.google-analytics.com https://*.googleapis.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.clarity.ms https://*.onetrust.com https://ct.pinterest.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com https://*.contentsquare.net https://*.boost.ai *.yotpo.com https://bam.eu01.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://d6tizftlrpuof.cloudfront.net https://*.boost.ai 'self' 'unsafe-inline'; 2 image-src access.nagich.com www.googleadservices.com www.google-analytics.com ct.pinterest.com; font-src fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sagepay.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://insights.hotjar.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.sagepay.com *.yotpo.com insight.adsrvr.org vars.hotjar.com www.pinterest.com *.trustpilot.com cookies.onetrust.mgr.consensu.org https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net widgets.magentocommerce.com data: p.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://img.youtube.com *.yotpo.com www.xtento.com cdn.xtento.com cdn.cookielaw.org https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net commerce.adobe.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com connect.facebook.net graph.facebook.com business.facebook.com *.sagepay.com maps.googleapis.com *.yotpo.com aacdn.nagich.com s.pinimg.com www.googleadservices.com googleads.g.doubleclick.net script.hotjar.com static.hotjar.com d10lpsik1i8c69.cloudfront.net js.adsrvr.org js-agent.newrelic.com bam-cell.nr-data.net cdn.ometria.com www.xtento.com cdn.xtento.com intljs.rmtag.com ut.rd.linksynergy.com *.trustpilot.com cdn.cookielaw.org https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com getfirebug.com unsafe-inline *.fontawesome.com maxcdn.bootstrapcdn.com *.typekit.net *.yotpo.com *.googleapis.com access.nagich.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.adobe.io performance.typekit.net api.magento.com commerce.adobe.io commerce.adobe.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net www.sandbox.paypal.com qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.sagepay.com ws: *.yotpo.com aacdn.nagich.com access.nagich.com www.google-analytics.com stats.g.doubleclick.net settings.luckyorange.net bam-cell.nr-data.net cdn.cookielaw.org https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com www.google.com match.sharethrough.com pixel.tapad.com *.bidswitch.net *.linkedin.com *.taboola.com c.bing.com *.criteo.com ad.yieldlab.net sync.outbrain.com *.rubiconproject.com t.co *.casalemedia.com www.google.fr cdn.linkedin.oribi.io cm.adform.net *.smartadserver.com *.doubleclick.net *.facebook.net criteo-partners.tremorhub.com simage2.pubmatic.com *.googleapis.com fonts.gstatic.com visitor.omnitagjs.com ad.360yield.com i.liadm.com dashboard.chatfuel.com matching.ivitrack.com *.twitter.com tg.socdm.com www.googletagmanager.com www.google-analytics.com *.tiktok.com sync-criteo.ads.yieldmo.com *.ads-twitter.com snap.licdn.com eb2.3lift.com adservice.google.com js-agent.newrelic.com analytics.skyscanner.net ads.stickyadstv.com exchange.mediavine.com contextual.media.net www.youtube.com bam.nr-data.net ib.adnxs.com id5-sync.com criteo-sync.teads.tv *.criteo.net ups.analytics.yahoo.com ariane.abtasty.com sjf.flycorsair.com genki.flycorsair.com try.abtasty.com; form-action www.flycorsair.com; frame-ancestors 'self' ; report-uri /csp_report 2 child-src ; connect-src 'self' api.bellhop.com api.bellhops.dev api.omappapi.com api.segment.io api-js.mixpanel.com api-us-east-1.graphcms.com bellhop.extole.io *.clarity.ms cdn.segment.com ct.pinterest.com *.ingest.sentry.io *.intercom.io nexus-websocket-a.intercom.io maps.googleapis.com pnapi.invoca.net rs.fullstory.com stats.g.doubleclick.net www.google-analytics.com; default-src ; font-src 'self' fonts.gstatic.com js.intercomcdn.com; form-action ct.pinterest.com www.facebook.com; frame-src bid.g.doubleclick.net ct.pinterest.com js.stripe.com www.facebook.com; img-src 'self' ag.innovid.com analytics.twitter.com apolloprogram.io b1sync.zemanta.com bat.bing.com c.us1.dyntrk.com cm.adgrx.com cm.eyereturn.com cmi.netseer.com ct.pinterest.com d.adroll.com flask.nextdoor.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com js.intercomcdn.com *.loggly.com load.instinctiveads.com media.graphassets.com media.graphcms.com origin.xtlo.net p.truefitcorp.com pippio.com secure.insightexpressai.com segments.company-target.com static.intercomassets.com su.addthis.com sync.smartadserver.com t.co track2.securedvisit.com ups.analytics.yahoo.com us-u.openx.net vop.sundaysky.com wam.solution.weborama.fr www.facebook.com www.google.com www.google-analytics.com www.googletagmanager.com www.storygize.net x.bidswitch.net x.skimresources.com; manifest-src 'self'; media-src ; script-src 'unsafe-eval' 'unsafe-inline'; script-src-attr ; script-src-elem 'self' 'unsafe-inline' a.omappapi.com *.adroll.com ads.nextdoor.com bat.bing.com bellhop.extole.io cdn.segment.com connect.facebook.net d.impactradius-event.com edge.fullstory.com googleads.g.doubleclick.net js.intercomcdn.com js.stripe.com maps.googleapis.com pnapi.invoca.net s.pinimg.com shop.pe *.shop.pe solutions.invocacdn.com static.ads-twitter.com widget.intercom.io www.clarity.ms www.google-analytics.com www.googleadservices.com www.googletagmanager.com; style-src ; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' a.omappapi.com fonts.googleapis.com origin.xtlo.net; worker-src ; 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com *.doubleclick.net analytics.google.com *.googleapis.com cdn.jsdelivr.net *.facebook.com www.googletagmanager.com *.facebook.net www.google.com pro.fontawesome.com www.google.co.vi 6253864.global.siteimproveanalytics.io maxcdn.bootstrapcdn.com static.mobilemonkey.com *.googleadservices.com adservice.google.com www.google.com.pr siteimproveanalytics.com cdn.userway.org ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: data:; connect-src wss://www.florius.nl/ https://www.florius.nl/ https://www.surve.nl/ https://insights.hotjar.com/ https://dc.services.visualstudio.com/v2/track https://www.google-analytics.com/ https://region1.google-analytics.com/ https://stats.g.doubleclick.net/; worker-src blob:; report-uri https://www.florius.nl/api/v1.0/CSPReporting/Report?category=report-only;; 2 font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.instagram.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.mention-me.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.cdninstagram.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.instagram.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com *.mention-me.com *.stripe.com klarna.com *.klarnaevt.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com *.mention-me.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.abstractscorecard.com www.googletagmanager.com www.mycadmium.com abstract.cadmiumcd.com abs.gocadmium.com; style-src-elem 'unsafe-eval' 'unsafe-inline' www.abstractscorecard.com www.mycadmium.com abstract.cadmiumcd.com abs.gocadmium.com; report-uri /csp-violation-report-endpoint/ 2 font-src *.bounceexchange.com *.google-analytics.com *.gstatic.com likeshop.me data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.bounceexchange.com *.facebook.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ js.authorize.net jstest.authorize.net accept.authorize.net www.xtento.com *.agilone.com *.facebook.com insight.adsrvr.org match.adsrvr.org *.signifyd.com *.online-metrix.net *.doubleclick.net *.affirm.com *.cookiebot.com *.bounceexchange.com *.office365.com *.google.com *.google.lv *.bglobale.com *.global-e.com *.nosto.com *.nos.to *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io store.paradoxlabs.com www.xtento.com cdn.xtento.com *.bounceexchange.com *.bouncex.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.googleapis.com *.facebook.com connect.facebook.net www.google.com www.google.lv *.bing.com *.lafayette148ny.com *.signifyd.com *.online-metrix.net *.postcodeanywhere.co.uk *.doubleclick.net heapanalytics.com *.heapanalytics.com *.bizrate.com *.dashhudson.com likeshop.me *.affirm.com *.atdmt.com *.cdnwidget.com *.bglobale.com *.global-e.com *.clarity.ms *.cloudfront.net *.nosto.com *.nos.to *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.authorize.net js.authorize.net jstest.authorize.net sandbox-assets.secure.checkout.visa.com www.xtento.com cdn.xtento.com *.googletagmanager.com www.google.com www.google.lv www.gstatic.com *.agilone.com *.bing.com *.upsellit.com connect.facebook.net googleads.g.doubleclick.net *.sociomantic.com js.adsrvr.org *.algolianet.com *.algolia.net *.signifyd.com seal.websecurity.norton.com *.pcapredict.com *.addressy.com *.bizrate.com *.googleapis.com *.heapanalytics.com *.zdassets.com *.affirm.com tag.wknd.ai *.bounceexchange.com *.dashhudson.com *.luckyorange.com *.cookiebot.com *.securedvisit.com *.pingdom.net *.cloudfront.net *.newrelic.com *.nr-data.net klear.com *.mczbf.com *.bglobale.com *.global-e.com *.clarity.ms cdn.noibu.com *.nosto.com *.nos.to *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bounceexchange.com *.googleapis.com *.addressy.com *.bizrate.com *.bglobale.com *.global-e.com *.cloudfront.net *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.authorize.net js.authorize.net jstest.authorize.net api.authorize.net apitest.authorize.net accept.authorize.net test.authorize.net *.algolianet.com *.signifyd.com *.signifyd.com:* *.addressy.com *.bing.com *.bounceexchange.com *.bouncex.net *.zdassets.com *.zendesk.com *.zopim.com *.doubleclick.net *.affirm.com *.google-analytics.com *.googleapis.com likeshop.me *.heapanalytics.com wss: *.luckyorange.net *.cookiebot.com *.cdnbasket.net *.cdnwidget.com *.pingdom.net *.nr-data.net *.facebook.com klear.com *.mczbf.com *.sjwoe.com *.clarity.ms input.noibu.com *.nosto.com *.nos.to *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.bounceexchange.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' pt d2oh4tlt9mrke9.cloudfront.net www.googletagmanager.com *.dynatrace.com *.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com stats.g.doubleclick.net www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com glassboxdigital.com cdn.gbqofs.com www.googleoptimize.com *.inmoment.com *.asapp.com; connect-src 'self' ws.sessioncam.com *.dynatrace.com *.optimizely.com www.enterice.com stats.g.doubleclick.net www.google-analytics.com dc.services.visualstudio.com report.assurant.gbqofs.io *.googleapis.com *.inmoment.com *.asapp.com; img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com stats.g.doubleclick.net www.google.com secure.comodo.com www.googletagmanager.com ajax.aspnetcdn.com mobileclaimstest.azureedge.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.asapp.com; font-src 'self' fonts.gstatic.com; frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com *.asapp.com; worker-src blob:; 2 default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com; img-src 'self' blob: data: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 2 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com https://dispawsusva.inmoment.com https://intercept-client.inmoment.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com; img-src 'self' https: data: ; font-src 'self' https: ; connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com https://webapp-conf.woosmap.com https://cybg.egain.cloud https://dispawsusva.inmoment.com; media-src 'self'; object-src 'self'; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com https://www.inmoment.com; frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk; report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; img-src 'self' data: https://ik.imagekit.io https://www.google-analytics.com https://img.youtube.com https://*.ytimg.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' data:; frame-src 'self' https://www.google.com https://www.youtube.com; frame-ancestors 'self' 2 font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.google.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com *.youtube.com youtu.be google.com *.google.com *.nr-data.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.google.com https://www.gstatic.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com *.google.com *.gstatic.com *.newrelic.com *.nr-data.net dmp.info.mossmotors.com dmp.info.mossmiata.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com *.nr-data.net *.google-analytics.com dmp.info.mossmotors.com dmp.info.mossmiata.com *.cloudfront.net *.dycdn.net *.freshrelevance.com wss://am.freshrelevance.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 report-uri https://www.tv5unis.ca/csp-report;default-src 'self' *.googlesyndication.com ;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.scorecardresearch.com *.google-analytics.com *.gstatic.com *.hotjar.com *.m32.media *.pinimg.com *.tiktok.com *.tv5unis.ca cdn.ampproject.org snap.licdn.com tag.aticdn.net sc-static.net ;style-src 'self' 'unsafe-inline' *.tv5unis.ca fonts.googleapis.com ;img-src 'self' data: *.doubleclick.net *.facebook.com *.google.ca *.google.com *.googleusercontent.com *.google-analytics.com *.googlesyndication.com *.scorecardresearch.com *.linkedin.com *.tiktok.com *.tv5unis.ca p.adsymptotic.com bcp.crwdcntrl.net platform-lookaside.fbsbx.com https://image-proxy.tv5unis.ca ;media-src 'self' blob: *.2mdn.net *.llnw.net ;frame-src 'self' *.doubleclick.net *.facebook.com *.firebaseapp.com/ *.google.com *.googlesyndication.com ads.pubmatic.com imasdk.googleapis.com vars.hotjar.com tr.snapchat.com ;font-src 'self' data: fonts.gstatic.com ;connect-src 'self' *.2mdn.net *.adnxs.com *.amazon-adsystem.com *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.linkedin.com *.llnw.net *.m32.media *.scorecardresearch.com *.tiktok.com bcp.crwdcntrl.net cdn.ampproject.org cdn.jsdelivr.net licensing.bitmovin.com platform-lookaside.fbsbx.com sc-static.net sentry.io snap.licdn.com static.hotjar.com tag.aticdn.net us-central1-m32-infrastructure.cloudfunctions.net vendorlist.consensu.org https://api.tv5unis.ca https://image-proxy.tv5unis.ca ;worker-src 'self' blob: ;form-action 'self' www.facebook.com tr.snapchat.com ; 2 font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: fonts.googleapis.com *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com *.klarnacdn.net *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.global-e.com *.google-analytics.com *.useinsider.com self unsafe-inline *.honey.io data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.yotpo.com *.twitter.com *.pcipalstaging.cloud *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.twitter.com *.bglobale.com *.freshchat.com *.global-e.com *.google-analytics.com *.pcipalstaging.cloud *.adyen.com *.useinsider.com *.vimeo.com *.zenaps.com *.doubleclick.net *.facebook.com self 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.yotpo.com *.twitter.com *.bglobale.com *.freshchat.com *.global-e.com *.google-analytics.com *.pcipalstaging.cloud *.useinsider.com *.vimeo.com *.zenaps.com *.doubleclick.net *.facebook.com self unsafe-inline *.pinterest.com *.pinterest.co.uk consentag.eu dressipi-production.seasaltcornwall.com *.paypalobjects.com www.xtento.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com *.klevu.com *.ksearchnet.com *.yotpo.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.global-e.com *.seasaltcornwall.com *.blucommerce.com yotpo-stool.s3.amazonaws.com *.contentsquare.net *.freshchat.com *.bing.com *.doubleclick.net *.google.com *.google.co.uk seasaltcornwall.com *.fbsbx.com *.kaltura.com *.pinterest.com *.securitymetrics.com *.zenaps.com *.awin1.com *.facebook.com *.atdmt.com *.outbrain.com *.tribalfusion.com *.openx.net *.clarity.ms *.facebook.net *.flagcdn.com flagcdn.com dummymasterdressipihost *.useinsider.com *.cookielaw.org *.fitanalytics.com *.quantserve.com *.yahoo.com *.dotomi.com *.soreto.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net unpkg.com commerce.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.klevu.com *.ksearchnet.com *.yotpo.com *.klarnaservices.com *.cloudflare.com *.cookielaw.org *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klevu.com *.bglobale.com js-agent.newrelic.com *.nr-data.net *.googletagmanager.com *.contentsquare.net *.freshchat.com *.bing.com *.doubleclick.net *.global-e.com *.google.com *.sub2tech.com *.onetrust.com *.useinsider.com *.dwin1.com *.kaltura.com *.pinimg.com *.zenaps.com *.facebook.net *.tribalfusion.com *.cloudfront.net consentag.eu *.outbrain.com *.ctnsnet.com *.clarity.ms *.freshworks.com *.payments-amazon.com dummymasterdressipihost *.seasaltcornwall.com *.fitanalytics.com *.quantserve.com *.yahoo.com *.dotomi.com *.soreto.com *.quantcount.com www.xtento.com cdn.xtento.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com *.klarnacdn.net *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com getfirebug.com t.contentsquare.net *.freshchat.com *.bing.com *.google-analytics.com *.useinsider.com *.honey.io *.freshworks.com dummymasterdressipihost *.seasaltcornwall.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.klevu.com *.ksearchnet.com *.yotpo.com *.klarnaservices.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.brilliantcollector.com *.contentsquare.net *.freshchat.com *.bing.com *.nr-data.net stats.g.doubleclick.net *.google-analytics.com *.edq.com wss://euwest1.pcipalstaging.cloud *.pcipalstaging.cloud *.cookielaw.org *.useinsider.com *.pinterest.com *.onetrust.com *.clarity.ms *.googleapis.com *.freshworks.com *.trustpilot.com *.fitanalytics.com *.soreto.com 'self' 'unsafe-inline'; child-src blob: *.contentsquare.net *.seasaltcornwall.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.sagepay.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.lpsnmedia.net *.liveperson.net *.hotjar.com *.sagepay.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com platform.twitter.com https://plumrocket.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.linkedin.com bat.bing.com *.powerreviews.com dev.visualwebsiteoptimizer.com seal.digicert.com https://www.google.com/pagead/1p-user-list/ https://www.google.co.jp/pagead/1p-user-list/ https://www.google.com/ads/ https://www.google.co.jp/ads/ https://*.adsymptotic.com/d/px/ *.liquifire.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de seal.digicert.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam.nr-data.net code.jquery.com *.lpsnmedia.net *.liveperson.net *.hotjar.com *.resultspage.com *.resultsdemo.com *.powerreviews.com *.g.doubleclick.net https://snap.licdn.com/li.lms-analytics/ bat.bing.com *.sagepay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com player.vimeo.com connect.facebook.net twitter.com platform.twitter.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com use.fontawesome.com fonts.googleapis.com *.resultspage.com *.resultsdemo.com *.powerreviews.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.powerreviews.com bam.nr-data.net *.g.doubleclick.net wss://*.hotjar.com https://*.hotjar.com *.hotjar.io bat.bing.com *.sagepay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 report-uri https://csp.withgoogle.com/csp/forms/prod;frame-ancestors 'none' 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdnjs.cloudflare.com cdn.jsdelivr.net voidlabs.containers.piwik.pro dl.frontapp.com hcaptcha.com; connect-src 'self' wss://*.tawk.to *.tawk.to newassets.hcaptcha.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com embed.tawk.to; frame-src 'self' demo.voxmail.it www.youtube-nocookie.com newassets.hcaptcha.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com embed.tawk.to; media-src 'self' embed.tawk.to; report-uri https://catbzhkx.uriports.com/reports/report 2 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' pt d2oh4tlt9mrke9.cloudfront.net www.googletagmanager.com *.dynatrace.com *.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com stats.g.doubleclick.net www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com glassboxdigital.com cdn.gbqofs.com www.googleoptimize.com *.inmoment.com *.asapp.com; connect-src 'self' ws.sessioncam.com *.dynatrace.com *.optimizely.com www.enterice.com stats.g.doubleclick.net www.google-analytics.com dc.services.visualstudio.com report.assurant.gbqofs.io *.googleapis.com *.inmoment.com *.asapp.com; img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com stats.g.doubleclick.net www.google.com secure.comodo.com www.googletagmanager.com ajax.aspnetcdn.com mobileclaimstest.azureedge.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.asapp.com; font-src 'self' fonts.gstatic.com; frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com *.asapp.com; worker-src blob:; 2 default-src * data: blob:; child-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' 'self'; style-src https: 'unsafe-inline'; object-src https: 'unsafe-inline'; report-uri https://broadlyproxy.report-uri.com/r/d/csp/reportOnly; 2 font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: ws: wss:; img-src 'unsafe-inline' blob: data: *; report-uri https://csp.test.orlo.tech/report; 2 base-uri *.wein.plus;connect-src *.wein.plus *.googleapis.com;child-src *.wein.plus;default-src 'none';media-src *.wein.plus;form-action *.wein.plus;img-src *.wein.plus data:;font-src *.wein.plus data: *.gstatic.com;manifest-src *.wein.plus;style-src *.wein.plus 'self' 'unsafe-inline';style-src-elem *.wein.plus 'unsafe-inline';script-src *.wein.plus 'self' 'unsafe-inline' *.etracker.com;script-src-elem *.wein.plus 'unsafe-inline' *.etracker.com 2 default-src 'self' *.ctfassets.net;img-src 'self' *.ctfassets.net *.facebook.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.contentful.com data: blob:;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.gstatic.com;connect-src 'self' ws: *.ctfassets.net *.contentful.com *.bugsnag.com *.google-analytics.com *.swish.nu *.facebook.com;object-src 'none';script-src 'self' 'unsafe-eval' *.facebook.net *.googletagmanager.com *.google-analytics.com 'sha256-EbIf/28oJqqS5jlA4F4cxAuQyBgLsbwNN3SaKD7SPG8=' 'sha256-fNl6dMU2ozNYP+OO/xe3UlSrQ/B7H/B5mYtcdLPGSWc=' 2 default-src 'self'; font-src 'self' *.gstatic.com; img-src 'self' data: *.eventdata.co.uk *.eventdata.uk *.google-analytics.com; script-src-elem 'self' 'unsafe-hashes' 'unsafe-inline' *.eventdata.co.uk *.eventdata.uk *.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; style-src 'self' *.googleapis.com cdnjs.cloudflare.com *.eventdata.co.uk *.eventdata.uk connect.facebook.net; style-src-elem 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com *.eventdata.co.uk *.eventdata.uk connect.facebook.net; style-src-attr 'unsafe-hashes' 'unsafe-inline'; frame-ancestors 'self'; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net; report-uri https://qtq417pr.uriports.com/reports/report; report-to default 2 font-src https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de payments.amazon.de www.jsctool.com www.xtento.com https://plumrocket.com https://www.youtube.com/ *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net https://widgets.trustedshops.com https://integrations.etrusted.com *.pixriot.com *.storeimaging.com www.xtento.com cdn.xtento.com 'self' data: https://cdn.cookielaw.org/ https://widgets.trustedshops.com/ https://*.usercentrics.eu/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.plugins.emarsys.net *.scarabresearch.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com www.jsctool.com https://widgets.trustedshops.com https://integrations.etrusted.com www.xtento.com cdn.xtento.com *.google.com *.gstatic.com https://cdn.cookielaw.org/ https://widget.trustpilot.com/ https://invitejs.trustpilot.com/ https://widgets.trustedshops.com/ https://*.zdassets.com/ https://*.usercentrics.eu/ *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com d.ratepay.com https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com *.googleapis.com *.gstatic.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.zdassets.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com *.scarabresearch.com *.eservice.emarsys.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com payments.amazon.de d.ratepay.com www.jsctool.com *.trustedshops.com *.etrusted.com *.pixriot.com *.storeimaging.com t.elasticsuite.io *.google-analytics.com https://cdn.cookielaw.org/ https://*.zdassets.com/ https://*.usercentrics.eu/ https://hjhoffice.zendesk.com/ wss://widget-mediator.zopim.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.sagepay.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.narvar.com *.narvar.qa *.tawk.to fonts.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.sagepay.com *.twitter.com https://plumrocket.com *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com maps.googleapis.com chart.googleapis.com *.twitter.com https://plumrocket.com https://accounts.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.narvar.com *.narvar.qa store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.tawk.to cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com maps.googleapis.com chart.googleapis.com *.youtube.com *.paypal.com *.sandbox.paypal.com *.google.com *.googletagmanager.com *.plumrocket.com *.tawk.to *.bam-cell.nr-data.net *.gstatic.com https://accounts.google.com https://www.gstatic.com api.veritrans.co.jp *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://accounts.google.com https://www.gstatic.com unsafe-inline fonts.googleapis.com cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src www.apptrian.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.paypal.com *.sagepay.com maps.googleapis.com chart.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com https://accounts.google.com api.veritrans.co.jp *.authorize.net www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.tawk.to wss://*.tawk.to *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://mcstaging.mikimoto.com/; report-to report-endpoint; 2 default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 2 default-src 'self' www.youtube.com; script-src 'self' 'unsafe-inline' koi-3R47TM087O.marketingautomation.services *.googletagmanager.com static.mailplus.nl consent.cookiebot.com www.googletagmanager.com snap.licdn.com www.googleadservices.com googleads.g.doubleclick.net *.livechatinc.com vimeo.com connect.facebook.net spotlerscript.com t.spoterleads.com *.secure.force.com www.google-analytics.com consentcdn.cookiebot.com www.google.com www.google.nl t.spotlerleads.nl; prefetch-src 'self' https://www.conclusion.nl; connect-src 'self' *.google-analytics.com *.g.doubleclick.net google-analytics.com api.livechatinc.com www.google.com www.facebook.com adservice.google.com *.sentry.io; img-src 'self' *.linkedin.com *.g.doubleclick.net static.mailplus.nl *.datocms-assets.com datocms-assets.com https://www.facebook.com https://www.google-analytics.com www.google.nl www.google.com https://www.gstatic.com https://www.googletagmanager.com cdn.livechatinc.com https://px.ads.linkedin.com i.vimeocdn.com https://www.gstatic.com data:; font-src 'self'; frame-src 'self' *.secure.force.com consentcdn.cookiebot.com secure.livechatinc.com player.vimeo.com www.google.com www.facebook.com tpc.googlesyndication.com www.googletagmanager.com www.youtube.com; manifest-src 'self'; object-src www.youtube.com; style-src 'unsafe-inline' 'self' *.secure.force.com static.mailplus.nl; style-src-elem 'self' 'unsafe-inline' https://static.mailplus.nl/ *.secure.force.com https://www.conclusion.nl; frame-ancestors 'self'; media-src 'self' cdn.livechatinc.com; form-action 'self' www.facebook.com; script-src-elem 'self' 'unsafe-inline' *.mailplus.nl *.secure.force.com *.cookiebot.com *.livechatinc.com www.googletagmanager.com *.googletagmanager.com *.vimeo.com googletagmanager.com vimeo.com snap.licdn.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net spotlerscript.com t.spotlerleads.nl tpc.googlesyndication.com https://connect.facebook.net/; report-uri https://greenberry.report-uri.com/r/d/csp/reportOnly; report-to default; 2 report-uri /es/Error/ReportCPS; 2 font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.api-ingenico.com *.secured-by-ingenico.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.nosto.com *.nos.to assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.api-ingenico.com *.secured-by-ingenico.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com use.typekit.net data: https://*.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com cdn1.stamped.io stamped.io *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://*.force.com https://*.salesforce.com https://*.salesforceliveagent.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.force.com https://*.salesforce.com https://www.google.com https://www.paypalobjects.com https://www.youtube.com https://player.twitch.tv https://*.doubleclick.net https://*.facebook.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.force.com https://*.salesforce.com https://*.salesforceliveagent.com https://cdn-assets.affirm.com https://www.google.com https://*.cloudfront.net https://houseofstaunton.com https://www.houseofstaunton.com https://*.gstatic.com https://*.visualforce.com *.klevu.com *.ksearchnet.com cdn1.stamped.io stamped.io maps.gstatic.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.force.com https://*.salesforce.com https://*.salesforceliveagent.com https://container.pepperjam.com https://www.rtb123.com https://connect.facebook.net https://www.gstatic.com https://*.klarnaservices.com https://*.googleapis.com https://*.affirm.com https://*.google.com https://js-agent.newrelic.com https://bam.nr-data.net *.klevu.com *.ksearchnet.com cdn1.stamped.io stamped.io maps.googleapis.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com https://*.force.com https://*.salesforce.com https://*.salesforceliveagent.com https://cdnjs.cloudflare.com https://cdn-images.mailchimp.com https://imgs.signifyd.com https://*.klarnacdn.net https://*.klarnaservices.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com cdn1.stamped.io stamped.io *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.force.com https://*.salesforce.com https://*.salesforceliveagent.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bt.signifyd.com:11103 https://*.klarnaservices.com https://*.affirm.com https://*.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net *.klevu.com *.ksearchnet.com cdn1.stamped.io stamped.io *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' pxlfsn.co www.google-analytics.com maps.googleapis.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 2 font-src maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' *; media-src 'self' * data: ; font-src 'self' * data: ; img-src 'self' data: blob: *; script-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' *; worker-src 'self' * blob: ; report-uri /api/csp-violation 2 default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck-partnerprogramm.de/csp-violation-ezmd9dpdxv7nb0ecejb9/ 2 report-uri https://r4com.report-uri.io/r/default/csp/reportOnly 2 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' cdnjs.cloudflare.com kit.fontawesome.com apps.elfsight.com static.elfsight.com cdn.usebootstrap.com *.cloudmaestro.com www.gstatic.com www.google-analytics.com www.google.com; report-uri /.webscale/csp-report 2 default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src https:; style-src 'unsafe-inline' https:; img-src https:; media-src https:; frame-src https:; font-src https: data:; connect-src https:; report-uri /report-csp-violation 2 default-src 'self' blob: data: https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com/ https://*.getbeyond.com https://*.pardot.com/ https://www.youtube.com/ https://beyondinc.applytojob.com/ https://beyondinc.applytojob.com/ https://player.vimeo.com/ https://vars.hotjar.com/ https://bid.g.doubleclick.net https://*.getbeyond.com https://*.pardot.com https://www.facebook.com/; img-src 'self' blob: data: https://p.adsymptotic.com/ https://*.vimeocdn.com https://*.google.pl/ https://*.google.com/ https://*.google.co.uk/ https://*.google.ca/ https://secure.gravatar.com/avatar/b54d075628d2fd50c2c02e292b3a2d22 https://www.google.pl/pagead/1p-conversion/* https://stats.g.doubleclick.net/ https://i.ytimg.com https://*.getbeyond.com https://cdnjs.cloudflare.com/ajax/ https://www.facebook.com/tr/ https://px.ads.linkedin.com/ https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com/ https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.facebook.com/tr/; font-src 'self' data: https://script.hotjar.com/ https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://static.juicer.io/ https://cdnjs.cloudflare.com/ajax/ https://static.juicer.io/ https://fonts.googleapis.com https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/ https://*.google.co.uk/ https://*.google.ca/ https://widget.instabot.io/jsapi/rokoInstabot-widget.js https://widget.instabot.io/jsapi/rokoInstabot.js https://widget.instabot.io/jsapi/rokoInstabot.js* https://cdn.freshmarketer.com/750149/1801092.js https://acsbapp.com/apps/app/dist/js/app.js https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://www.googleadservices.com https://s.ytimg.com https://www.youtube.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.getbeyond.com https://www.google-analytics.com https://www.googletagmanager.com https://*.hotjar.com https://cdnjs.cloudflare.com/ https://assets.juicer.io/ https://www.googletagmanager.com https://cdn.jsdelivr.net https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://pi.pardot.com; style-src 'self' 'unsafe-inline' https://1zn7z42pxhyz9tgb012bid3r-wpengine.netdna-ssl.com https://assets.juicer.io/ https://tagmanager.google.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; connect-src 'self' https://*.google.com/ https://*.google.co.uk/ https://*.google.ca/ https://*.facebook.com https://stats.g.doubleclick.net/j/collect https://widget.instabot.io/jsapi/rokoInstabot-widget.js https://src.freshmarketer.com https://livechat.instabot.io/clientlogin https://google.com/ads/ https://widgetapi.instabot.io https://src.freshmarketer.com/sr https://cdn.acsbapp.com/cache/app/getbeyond.com/config.json https://cdn.acsbapp.com/cache/app/en.build.json https://cdn.acsbapp.com/cache/app/en.build.json https://widgetapi.instabot.io/plugins.js* https://www.google-analytics.com; object-src 'none'; report-uri https://my.getbeyond.com/csp-report; 2 base-uri 'self'; default-src 'none'; child-src 'none'; connect-src 'self' https://widget.marktjagd.de https://spotlight.offerista.com https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.datadome.co http://*.datadome.co *.datadome.co https://*.explorr.net http://*.explorr.net *.explorr.net; font-src 'self' https://fonts.gstatic.com https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.explorr.net http://*.explorr.net *.explorr.net https://widget.marktjagd.de https://spotlight.offerista.com; form-action 'self'; img-src 'self' https://* http://* * data:; object-src 'none'; script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.datadome.co http://*.datadome.co *.datadome.co https://*.explorr.net http://*.explorr.net *.explorr.net https://widget.marktjagd.de https://spotlight.offerista.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com/css https://*.marktjagd.de http://*.marktjagd.de *.marktjagd.de https://*.explorr.net http://*.explorr.net *.explorr.net https://widget.marktjagd.de https://spotlight.offerista.com 'unsafe-inline'; report-uri /csprep.php; 2 font-src *.gstatic.com data: *.fontawesome.com static.olark.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://checkout-sandbox.getbread.com https://checkout.getbread.com https://api-preview.platform.breadpayments.com https://api.platform.breadpayments.com https://api-preview.rbc.breadpayments.com https://api.rbcpayplan.com static.olark.com *.facebook.com *.pinterest.com *.addthis.com *.doubleclick.net *.yotpo.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com store.paradoxlabs.com *.pinterest.com *.olark.com *.googleadservices.com *.google.com *.google.com.vn *.doubleclick.net *.bing.com *.clarity.ms cdn.innovolifestyles.com cdn.logfurnitureplace.com cdn.woodlandcreekfurniture.com innovolifestyles.com logfurnitureplace.com woodlandcreekfurniture.com *.facebook.net *.googletagmanager.com *.yotpo.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://checkout-sandbox.getbread.com/bread.js https://checkout.getbread.com/bread.js https://connect-preview.breadpayments.com/sdk.js https://connect.breadpayments.com/sdk.js https://connect-preview.rbc.breadpayments.com/sdk.js https://connect.rbcpayplan.com/sdk.js https://cdn.polyfill.io https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.facebook.net *.authorize.net *.dotdigital-pages.com *.yotpo.com *.klaviyo.com *.getbread.com s.pinimg.com *.olark.com *.addthis.com z.moatads.com v1.addthisedge.com *.bing.com www.gstatic.com *.clarity.ms *.doubleclick.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com https://static.klaviyo.com *.fontawesome.com static.olark.com *.klaviyo.com s.pinimg.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://checkout-sandbox.getbread.com https://checkout.getbread.com https://api-preview.rbc.breadpayments.com https://api.rbcpayplan.com https://api-preview.platform.breadpayments.com https://api.platform.breadpayments.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.yotpo.com ct.pinterest.com *.klaviyo.com knrpc.olark.com *.googleadservices.com *.google.com *.doubleclick.net *.clarity.ms *.addthis.com *.googleapis.com *.googletagmanager.com *.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.addtoany.com *.webotit.ai gjigle.com https://d1di987mdgym2l.cloudfront.net *.clic2buy.com *.criteo.com *.googlesyndication.com *.sendcloud.sc *.jsdelivr.net *.nosto.com *.nos.to s3-eu-west-1.amazonaws.com *.front.ecard.pledg.co front.ecard.pledg.co hooks.stripe.com *.trustpilot.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.etsystatic.com *.boticinal.com *.powersante.com gjigle.com *.bazaarvoice.com *.kelkoogroup.net *.bing.com *.google.com *.google.fr *.clarity.ms *.rubiconproject.com *.ads.yieldmo.com *.tremorhub.com *.outbrain.com *.taboola.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.casalemedia.com *.teads.tv *.media.net *.adform.net *.omnitagjs.com *.sharethrough.com *.ivitrack.com *.stickyadstv.com *.mediavine.com *.smaato.net *.doubleclick.net *.advertising.com *.yahoo.com *.adnxs.com *.liadm.com *.dmxleo.com *.criteo.com *.commerce-connectoer.com *.perfmaker.net *.bidswitch.net *.rlcdn.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.yieldlab.net *.smartclip.net *.twiago.com *.krxd.net *.adscale.de id5-sync.com *.thebrighttag.com *.sc.omtrdc.net *.demdex.net *.amazonaws.com *.nosto.com *.nos.to data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.privacy-center.org notifpush.com *.addtoany.com *.hipay-tpp.com *.hipay.com *.newrelic.com *.bazaarvoice.com *.cloudfront.net *.webotit.ai *.spockee.io *.kk-resources.com *.nr-data.net *.criteo.com *.criteo.net *.carts.guru *.bing.com *.elitrack.com *.clic2buy.com *.doubleclick.net *.clarity.ms *.googlesyndication.com *.perfmaker.net *.googleoptimize.com *.emxdgt.com *.weglot.com *.datadoghq-browser-agent.com *.sendcloud.sc *.jsdelivr.net *.nosto.com *.nos.to s3-eu-west-1.amazonaws.com *.front.ecard.pledg.co *.trustpilot.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.weglot.com *.sendcloud.sc *.jsdelivr.net *.nosto.com *.nos.to *.trustpilot.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com notifpush.com *.zendesk.com *.zdassets.com *.trustpilot.com *.nr-data.net *.spockee.io https://s.kelkoogroup.net *.doubleclick.net *.notifadz.com *.clarity.ms *.criteo.com *.criteo.net *.carts.guru gjigle.com *.weglot.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.nosto.com *.nos.to s3-eu-west-1.amazonaws.com *.front.ecard.pledg.co 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.fontawesome.com *.artdeco.com *.artdeco.de *.bootstrapcdn.com *.heidelpay.com 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.nosto.com *.nos.to *.google.com *.ratepay.com *.pay1.de *.heidelpay.com *.jsctool.com *.trbo.com *.hotjar.com *.redintelligence.net ad4m.at *.ad4m.at *.ad-srv.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://www.mollie.com *.nosto.com *.nos.to *.artdeco.com *.artdeco.de *.usercentrics.eu *.trustedshops.com *.outbrain.com 'self' data: *.googletagmanager.com *.pay1.de *.tiktok.com *.pinterest.com *.facebook.com *.google.com *.google.de *.adserver01.de *.adition.com *.taboola.com ad4m.at *.ad4m.at *.creative-serving.com *.doubleclick.net *.adsrvr.org *.adscale.de *.onaudience.com *.smartadserver.com *.pubmatic.com *.casalemedia.com *.twiago.com *.exelator.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com js.mollie.com *.nosto.com *.nos.to *.sitesearch360.com *.semknox.com *.artdeco.com *.artdeco.de *.b-ite.com *.usercentrics.eu *.googletagmanager.com *.getflowbox.com *.trustedshops.com *.google.com *.gstatic.com *.outbrain.com *.pay1.de *.ratepay.com *.heidelpay.com *.trbo.com *.hotjar.com *.facebook.net *.tiktok.com *.scarabresearch.com *.pinimg.com *.dwin1.com *.taboola.com ad4m.at *.ad4m.at *.teads.tv 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.nosto.com *.nos.to *.bootstrapcdn.com *.artdeco.com *.artdeco.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.flbx.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://*.ingest.sentry.io *.nosto.com *.nos.to *.sitesearch360.com *.semknox.com *.artdeco.com *.artdeco.de *.usercentrics.eu *.google-analytics.com *.ratepay.com *.heidelpay.com *.scarabresearch.com *.pinterest.com *.tiktok.com *.doubleclick.net *.hotjar.com *.taboola.com *.getflowbox.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; report-uri https://utqgstu2.uriports.com/reports/report; report-to default 2 font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com tvape.com torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de *.olark.com cdn.tvape.fr *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.google.com accounts.google.com *.canadapost.ca https://sso.epost.ca *.purolator.com hubspot.com forms.hubspot.com hsforms.net forms.hsforms.com hsforms.com js.hsforms.net stonersguardian.com api.payengine.de payengine.de signin.ebay.com auth.ebay.com ebay.com www.ebay.com *.cardinalcommerce.com tvape.de *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.google.com accounts.google.com *.meetanshi.com *.purolator.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://hosted.paysafe.com *.sendcloud.sc iframe.videodelivery.net static.olark.com tracking.sezzle.com online.fliphtml5.com r1.dotmailer-surveys.com pp.payengine.de hsforms.net forms.hsforms.com js.hsforms.net dpm.demdex.net demdex.net youtu.be youtube.com stonersguardian.com api.payengine.de payengine.de vimeo.com 20813811p.rfihub.com *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.klarna.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.klevu.com *.ksearchnet.com www.google.com accounts.google.com mageside.com *.canadapost.ca *.googleapis.com *.gstatic.com *.meetanshi.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com customer-upskkbfxkf3xe5cz.cloudflarestream.com tvape.co.uk verify.bluecheck.me torontovaporizer.ca cdn.torontovaporizer.ca tvape.com stats.g.doubleclick.net maps.gstatic.com d3svog4tlx445w.cloudfront.net static.olark.com log.olark.com media.sezzle.com www.googletagmanager.com maps.googleapis.com js.hsforms.net hsforms.net forms.hsforms.com perf.hsforms.com forms.hubspot.com *.tvape.com demdex.net chart.googleapis.com stonersguardian.com api.payengine.de payengine.de r1-t.trackedlink.net img.onesignal.com *.cardinalcommerce.com js.klevu.com x.klarnacdn.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com js.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.googleapis.com *.google.com *.gstatic.com *.meetanshi.com *.purolator.com connect.facebook.net twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://hosted.paysafe.com https://api.test.paysafe.com https://api.paysafe.com https://songbirdstag.cardinalcommerce.com embed.sendcloud.sc www.youtube.com cdn.jsdelivr.net embed.cloudflarestream.com embed.videodelivery.net knrpc.olark.com static.cloudflareinsights.com maps.googleapis.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net www.gstatic.com r1-t.trackedlink.net c1.rfihub.net a.rfihub.net pp.payengine.de static.olark.com assets.olark.com api.olark.com a.optnmstr.com widget.sezzle.com r1.dotmailer-surveys.com g1782759016.co js.hsforms.net hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com ajax.cloudflare.com api.payengine.de payengine.de g594253005.co verify.bluecheck.me g1782759015.co.de g1782759015.co cdn.onesignal.com onesignal.com bam.nr-data.net *.cardinalcommerce.com script.crazyegg.com cdn.noibu.com cdn4.mxpnl.com *.mxpnl.com *.mantisadnetwork.com g594253006.co *.crazyegg.com *.newrelic.com *.klarnacdn.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline static.olark.com media.sezzle.com fonts.googleapis.com hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com api.payengine.de payengine.de accounts.google.com onesignal.com cdn.tvape.fr verify.bluecheck.me *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com tvape.co.uk torontovaporizer.ca static.olark.com cdn.torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de cdn.tvape.fr *.cardinalcommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://api.test.paysafe.com https://api.paysafe.com region1.google-analytics.com *.crazyegg.com knrpc.olark.com api.omappapi.com geoip.sezzle.com media.sezzle.com *.googleapis.com stats.g.doubleclick.net developer.google.com hsforms.net forms.hsforms.com demdex.net stonersguardian.com api.payengine.de payengine.de bam.nr-data.net onesignal.com *.cardinalcommerce.com cdn.noibu.com script.crazyegg.com input.noibu.com *.noibu.com wss://input.noibu.com/pv_part verify.bluecheck.me *.bluecheck.me cdn4.mxpnl.com *.mxpnl.com api-js.mixpanel.com *.mixpanel.com *.paypal.com *.amazonaws.com *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://torontovaporizer.ca/; report-to report-endpoint; 2 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=communities 2 default-src 'none'; script-src 'report-sample' 'unsafe-eval' 'unsafe-inline' 'self' https://app.usercentrics.eu https://cdn.attractify.io https://dev.visualwebsiteoptimizer.com https://script.hotjar.com https://static.hotjar.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com widgets.trustedshops.com http://cdn2.spatialbuzz.com https://cdn2.spatialbuzz.com https://fonicchat.novomind.com; style-src 'report-sample' 'self' 'unsafe-inline' https://app.usercentrics.eu https://tagmanager.google.com https://fonts.googleapis.com; object-src 'self'; base-uri 'self'; connect-src 'self' https://sentry.fonic.de https://aggregator.service.usercentrics.eu https://api.usercentrics.eu https://graphql.usercentrics.eu https://in.hotjar.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io *.google-analytics.com *.analytics.google.com analytics.google.com https://fonic-iq.novomind.com http://cdn2.spatialbuzz.com https://cdn2.spatialbuzz.com https://api.attractify.io widgets.trustedshops.com https://api.trustedshops.com https://shops-si.trustedshops.com https://trustbadge.api.etrusted.com https://api.trustbadge.etrusted.com https://api/maintenance_mode https://stats.g.doubleclick.net https://www.google.de https://www.google.at https://www.google.ch; font-src 'self' script.hotjar.com https://fonts.gstatic.com data:; frame-src 'self' https://app.usercentrics.eu https://vars.hotjar.com http://cdn2.spatialbuzz.com https://cdn2.spatialbuzz.com https://fonicchat.novomind.com; img-src 'self' data: https://app.usercentrics.eu https://handyshop.fonic.de https://shop.fonic-mobile.de https://dev.visualwebsiteoptimizer.com *.google-analytics.com *.analytics.google.com http://cdn2.spatialbuzz.com https://cdn2.spatialbuzz.com https://widgets.trustedshops.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.de https://www.google.at https://www.google.ch; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://sentry.fonic.de/api/2/security/?sentry_key=38cf201186774063918a253e28caadce 2 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: bat.bing.com cdn.callreports.com googleads.g.doubleclick.net js.callrail.com res.cloudinary.com s3.amazonaws.com secure.leadforensics.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net secure.leadforensics.com www.woodlandmanufacturing.com www.googleadservices.com *.pinimg.com connect.facebook.net *.gstatic.com *.wistia.com *.olark.com *.nextopiasoftware.com *.flattr.com *.trustpilot.com g.microsoft.com 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 2 default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com; style-src 'self' 'unsafe-inline' pg-ws-ggz.widget.custhelp.com 2 default-src *; connect-src 'self' https://api-iam.intercom.io/ https://rs.fullstory.com/ https://firebase.googleapis.com/ https://analytics.tiktok.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://firebaseinstallations.googleapis.com https://ka-p.fontawesome.com/releases/ *.ingest.sentry.io/ wss://nexus-websocket-a.intercom.io/ http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com wss://fintual.cl wss://fintual.mx; font-src 'self' https://fonts.gstatic.com/ https://js.intercomcdn.com/fonts/ https://ka-p.fontawesome.com/ https://maxst.icons8.com/vue-static/landings/line-awesome/ http://script.hotjar.com https://script.hotjar.com; frame-src https://vars.hotjar.com https://bid.g.doubleclick.net/ https://www.google.com https://tpc.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://edge.fullstory.com/ https://analytics.tiktok.com/ https://code.upscope.io https://googleads.g.doubleclick.net/ https://js.intercomcdn.com/ https://js.fintoc.com https://kit.fontawesome.com https://static.ads-twitter.com https://analytics.twitter.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://widget.intercom.io/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.google.com/pagead https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://maxst.icons8.com/vue-static/landings/line-awesome/ https://unpkg.com/vueperslides/dist/vueperslides.css https://unpkg.com/vueperslides@2.15.0/dist/vueperslides.css; report-uri /csp_report 2 default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; object-src 'self'; frame-src 'self'; 2 report-uri https://fathom.report-uri.com/r/t/csp/wizard; default-src 'none'; form-action 'none'; object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 2 font-src *.abtasty.com *.zipmoney.com.au *.klarnacdn.net *.stockinstore.net *.akamaihd.net olapic-data.s3.amazonaws.com calvinklein.com.au data: *.gstatic.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.googletagmanager.com *.google.com *.doubleclick.net *.hotjar.com *.pmnts.io *.pmnts-sandbox.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.abtasty.com *.facebook.com *.pmnts.io *.pmnts-sandbox.io *.klarna.com *.force.com *.pinterest.com *.clearpay.co.uk *.afterpay.com tr.snapchat.com/ display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com/ https://www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.doubleclick.net *.vimeo.com *.hotjar.com *.clickmeter.com wss://*.hotjar.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://static.afterpay.com https://site-assets.afterpay.com/ *.abtasty.com *.turn.com *.bazaarvoice.com *.amgdgt.com *.photorank.me z2photorankmedia-a.akamaihd.net *.presage.io *.teads.tv *.adsrvr.org *.adnxs.com *.tommy.com *.klarna.com *.klarnaevt.com *.klarnacdn.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarnaservices.com https://www.magezon.com *.pinterest.com *.facebook.com *.facebook.com/tr *.google.com *.google.com.au www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.roymorgan.com *.doubleclick.net *.facebook.net *.googleapis.com *.gstatic.com *.zipmoney.com.au *.googletagmanager.com *.imgix.net t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.abtasty.com *.cloudfront.net *.cloudflare.com *.facebook.net *.tiktok.com *.zdassets.com *.tommy.com *.calvinklein.com.au *.luckyorange.net *.particularaudience.com *.stockinstore.net *.akamaihd.net *.teads.tv *.force.com sc-static.net *.salesforceliveagent.com *.adnxs.com *.trurating.com *.vanheusen.com.au *.pmnts.io *.klarna.com *.klarnacdn.net apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.klarnaservices.com s7.addthis.com *.google.com *.googletagmanager.com *.google.com.au *.pmnts-sandbox.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.afterpay.com *.doubleclick.net *.pinimg.com *.cfjump.com *.roymorgan.com *.forter.com *.usabilla.com wss://widget-mediator.zopim.com *.hotjar.com *.attraqt.io *.newrelic.com *.js-agent.newrelic.com *.nr-data.net *.braintreegateway.com *.cardinalcommerce.com *.ccdc02.com *.ytimg.com *.googleadservices.com *.google-analytics.com *.zipmoney.com.au *.gstatic.com *.googleapis.com *.paypalobjects.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.bazaarvoice.com *.stockinstore.net *.klarnacdn.net *.akamaihd.net *.force.com display.ugc.bazaarvoice.com unsafe-inline *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.luckyorange.net *.zendesk.com *.particularaudience.com *.tiktok.com stockinstore.net *.stockinstore.net *.cloudfront.net *.klarnaevt.com *.klarnacdn.net *.akamaihd.net zendesk-eu.my.sentry.io *.teads.tv *.snapchat.com *.amplitude.com *.clearpay.co.uk *.afterpay.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klarna.com *.klarnaservices.com ekr.zdassets.com/ *.pinterest.com *.google.com *.google.com.au api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com *.forter.com wss://*.zopim.com *.doubleclick.net *.attraqt.io *.zipmoney.com.au *.hotjar.io wss://*.hotjar.com *.zip.co *.nr-data.net *.hotjar.com *.trurating.com *.analytics.tiktok.com wss://*.forter.com *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: http: https: blob: 'self' 'unsafe-inline'; default-src *.abtasty.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com acuityplatform.com ajax.googleapis.com cdn.onesignal.com dynamic.cannedbanners.com js-agent.newrelic.com nsg.symantec.com onesignal.com seal.godaddy.com *.freedommunitions.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com acuityplatform.com bam.nr-data.net maps.google.com pixel.mathtag.com a2.adform.net 279-ct.c3tag.com maps.googleapis.com; report-uri /.webscale/csp-report 2 frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; report-uri https://sentry.brandsight.com/api/25/security/?sentry_key=d2a6cc459b0c48dd91884e7063bbddb4 script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com 'sha256-0GmZYAqaqzetS+w1EyLdzTxUer98JQtlleth+bhMzm4=' 'sha256-h4kRXx7uh9BDCM48lIeC8OTw0+lUQIlD+u3Rsxo8ixg='; 2 block-all-mixed-content 2 default-src 'self' *.sixflags.com *.laronde.com *.sixflags.com.mx *.6flags.com 'unsafe-inline' 'unsafe-eval' data: blob: *.wistia.net *.wistia.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss:// acsbapp.com *.acsbapp.com cdn.acsbapp.com *.convertexperiments.com *.evgnet.com sc-static.net *.cloudflare.com *.cloudflareinsights.com *.cloudflareaccess.com *.googletagmanager.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.googlesyndication.com *.safeframe.googlesyndication.com www.googletagservices.com *.googleapis.com *.doubleclick.net *.g.doubleclick.net googleads.g.doubleclick.net *.fls.doubleclick.net *.google.com *.google.ca www.google.ca *.google.com.mx www.google.com.mx *.gstatic.com ups.analytics.yahoo.com bat.bing.com sixflags.us-4.evergage.com www.facebook.com *.facebook.net *.pardot.com *.akamaihd.net *.snapchat.com *.twitter.com *.livechatinc.com *.qualaroo.com js.adsrvr.org *.pbbl.co aa.agkn.com *.amgdgt.com dpm.demdex.net pixel.advertising.com www.youtube.com *.youtube.com *.ytimg.com *.freshdesk.com *.queue-it.net *.litix.io ;report-uri https://2850d87804f5002588a978dd8512ca22.report-uri.com/r/d/csp/wizard; 2 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; form-action 'self' 2 default-src 'unsafe-inline' 'unsafe-eval' data: https:; 2 font-src fonts.gstatic.com use.typekit.net data: *.stamped.io *.resultspage.com *.zopim.com *.resultsdemo.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.youtube.com *.livechatinc.com *.paypal.com pay.google.com *.braintreegateway.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.kaptcha.com www.paypalobjects.com *.affirm.com *.dotdigital-pages.com *.criteo.com *.criteo.net *.dotmailer-surveys.com/ *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io *.demdex.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io * www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com f.vimeocdn.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com maps.googleapis.com maps.gstatic.com connect.facebook.net www.google.com *.googletagmanager.com http://translate.google.com translate.googleapis.com www.gstatic.com includes.ccdc02.com static.zdassets.com cdn.inspectlet.com *.stamped.io *.livechatinc.com *.userway.org *.paypal.com pay.google.com www.klarnapayments.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.affirm.com *.routeapp.io *.resultspage.com *.nosto.com *.dotdigital-pages.com *.zopim.com *.clarity.ms *.criteo.com *.criteo.net *.bing.com *.doubleclick.net *.trackedlink.net *.pcapredict.com *.dotmailer-surveys.com/ *.resultsdemo.com *.newrelic.com *.postcodeanywhere.co.uk/ *.nr-data.net *.cloudfront.net *.google.bg *.facebook.com *.facebook.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com graph.facebook.com *.trackedweb.net cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.googleapis.com *.stamped.io www.klarnapayments.com *.resultspage.com *.resultsdemo.com *.postcodeanywhere.co.uk/ *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net static.zdassets.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.adobe.io performance.typekit.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.paypal.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.authorize.net ekr.zdassets.com *.zendesk.com *.zopim.com hn.inspectlet.com stamped.io *.braintree-api.com *.braintreegateway.com *.livechatinc.com *.userway.org graph.instagram.com *.affirm.com *.route.com wss://widget-mediator.zopim.com *.clarity.ms *.google-analytics.com *.doubleclick.net *.postcodeanywhere.co.uk/ *.nr-data.net *.facebook.com *.facebook.net *.google.com *.bing.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.roundcubeplus.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: http: https:; font-src 'self' data: http: https:; media-src 'self'; report-uri /csp-report; 2 default-src 'self'; img-src 'self' data:secure.gravatar.com; script-src 'unsafe-inline'; style-src 'unsafe-eval'; 2 font-src fonts.gstatic.com data: fonts.googleapis.com *.klarnacdn.net googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.commerce-connector.com *.typekit.net */csp/report/uri/ *.hotjar.com *.hotjar.io *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.google.com *.mercadolibre.com *.gstatic.com *.facebook.com *.bluesnap.com *.kaptcha.com *.adsrvr.org *.hotjar.com *.hotjar.io */csp/report/uri/ *.hubspot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobedtm.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net addevent.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.essentialaccessibility.com *.wahlanimal.com s.ytimg.com *.google.com *.google.com.mx *.google-analytics.com *.facebook.com ct.pinterest.com bat.bing.com *.google.co.in *.cloudflare.com *.wahlclipper.com *.powerreviews.com *.googletagmanager.com *.cloudfront.net *.webcollage.net *.syndigo.cloud *.postcodeanywhere.co.uk */csp/report/uri/ *.reddit.com *.hsforms.com *.hubspot.com *.google.com.in *.payments-amazon.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnaservices.com *.google-analytics.com addevent.com 'self' data: *.avada.io *.mlstatic.com *.mercadopago.com *.powerreviews.com *.google.com *.newrelic.com js-agent.newrelic.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js connect.facebook.net bat.bing.com *.googleoptimize.com https://www.googleoptimize.com/optimize.js *.trustedsite.com *.cloudflare.com *.twitter.com *.fontawesome.com *.nr-data.net *.wahlclipper.com *.googleapis.com *.jsdelivr.net *.bluesnap.com *.webcollage.net *.syndigo.com *.adsrvr.org *.hotjar.com *.hotjar.io *.pcapredict.com *.postcodeanywhere.co.uk *.commerce-connector.com *.amazonaws.com/ */csp/report/uri/ *.redditstatic.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.usemessages.com *.hs-analytics.net *.kaptcha.com *.hsadspixel.net *.hsleadflows.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net getfirebug.com googleapis.com addevent.com *.googleapis.com *.fontawesome.com *.powerreviews.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.cloudflare.com *.bootstrapcdn.com *.wahlclipper.com *.jsdelivr.net *.postcodeanywhere.co.uk *.commerce-connector.com *.typekit.net */csp/report/uri/ unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnaservices.com maps.googleapis.com/ https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com stats.g.doubleclick.net ct.pinterest.com *.google-analytics.com *.whatcounts.com siteanalytics.whatcounts.com https://siteanalytics.whatcounts.com *.amazonaws.com/ api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.amazonaws.com *.yotpo.com *.cloudflare.com *.powerreviews.com *.nr-data.net *.wahlclipper.com *.syndigo.com *.postcodeanywhere.co.uk wss://ws41.hotjar.com *.commerce-connector.com */csp/report/uri/ *.facebook.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.googleapis.com *.hubspot.com *.hubapi.com *.hs-banner.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2 font-src fonts.googleapis.com fonts.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.pinterest.com *.pinterest.es hal9000.redintelligence.net https://plumrocket.com https://accounts.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudfront.net www.google.es *.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net *.onetrust.com *.openstreetmap.org *.pinterest.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.gstatic.com *.googletagmanager.com *.google-analytics.com *.pinimg.com *.marvellousmachine.net js-agent.newrelic.com bam.nr-data.net cdn.connectif.cloud geoip-js.com *.onetrust.com *.mczbf.com https://accounts.google.com https://www.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com fonts.gstatic.com https://accounts.google.com https://www.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com stats.g.doubleclick.net *.paypal.com bam.nr-data.net geoip-js.com *.connectif.cloud *.onetrust.com *.pinterest.com *.mczbf.com https://accounts.google.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src www.searchanise.com *.searchserverapi.com https://cdn.checkout.com *.useinsider.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.searchanise.com *.searchserverapi.com *.twitter.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.checkout.com *.klarna.com *.dotdigital-pages.com *.dotdigital.com *.useinsider.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.useinsider.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.facebook.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.checkout.com *.klarnacdn.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.useinsider.com *.klarna.com *.klarnaservices.com *.googletagmanager.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com https://cdn.checkout.com *.useinsider.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.useinsider.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.amplitude.com stats.g.doubleclick.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://js.checkout.com *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.useinsider.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.google-analytics.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 upgrade-insecure-requests 2 default-src * data: 'unsafe-inline'; 2 font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.vimeo.com *.texdecor.test *.texdecor.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.texdecor.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.instagram.com *.texdecor.test *.texdecor.com *.fact-finder.fr www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: https://www.gstatic.com https://fonts.gstatic.com www.level1.com www.conceptronic.net www.equip-info.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.facebook.com www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; frame-ancestors www.level1.com www.conceptronic.net www.equip-info.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ cdn.dnky.co *.hotjar.com https://www.google.com *.facebook.com *.trustpilot.com *.criteo.com www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com www.googleadservices.com www.google-analytics.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net www.level1.com www.conceptronic.net www.equip-info.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googleadservices.com www.google-analytics.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com https://www.google.com https://www.gstatic.com www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; object-src www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; manifest-src www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; child-src www.level1.com www.conceptronic.net www.equip-info.net http: https: blob: 'self' 'unsafe-inline'; default-src www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.level1.com www.conceptronic.net www.equip-info.net 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 2 font-src fonts.gstatic.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.google.com https://googleads.g.doubleclick.net https://assets.braintreegateway.com https://*.kaptcha.com https://vars.hotjar.com https://c.paypal.com https://c.sandbox.paypal.com https://home-c56.nice-incontact.com https://ez-prints.sjv.io https://target-prints.pxf.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.twitter.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://stats.g.doubleclick.net https://www.google.com https://s3.amazonaws.com https://*.ezprints.com https://*.targetphoto.com https://*.michaelsphotogifts.com https://*.ezpstore.com https://maps.gstatic.com https://bat.bing.com https://maps.googleapis.com/ https://*.stats.paypal.com https://cdn.klarna.com https://c.paypal.com https://c.sandbox.paypal.com https://*.clarity.ms https://ez-prints.sjv.io https://target-prints.pxf.io https://www.ojrq.net https://logs-01.loggly.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://bat.bing.com https://ajax.cloudflare.com https://www.googleadservices.com https://*.hotjar.com https://*.paypal.com https://*.braintreegateway.com/ https://*.clarity.ms https://home-c56.nice-incontact.com https://*.ezpstore.com https://*.ezprints.com https://*.targetphoto.com https://*.michaelsphotogifts.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://d.impactradius-event.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com tagmanager.google.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net unsafe-inline *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://www.google-analytics.com https://*.sandbox.braintree-api.com https://*.braintree-api.com https://client-analytics.braintreegateway.com https://stats.g.doubleclick.net/ https://*.hotjar.com wss://*.hotjar.com https://www.paypal.com https://maps.googleapis.com https://*.clarity.ms https://*.ezpstore.com https://*.ezprints.com https://*.targetphoto.com https://*.michaelsphotogifts.com https://ez-prints.sjv.io https://target-prints.pxf.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com https://css.zohocdn.com/ https://d19ayerf5ehaab.cloudfront.net/ https://d1azc1qln24ryf.cloudfront.net/ https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com/ https://0merchantacsstag.cardinalcommerce.com/ https://1merchantacsstag.cardinalcommerce.com/ 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://widget.reviews.co.uk/ https://gum.criteo.com/ https://vars.hotjar.com/ https://www.paypalobjects.com/ https://c.sandbox.paypal.com/ https://tst.kaptcha.com/ https://www.google.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.google.com/ https://www.google.co.uk/ https://bat.bing.com/ https://www.facebook.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://cm.g.doubleclick.net/ https://r.casalemedia.com/ https://ad.360yield.com/ https://contextual.media.net/ https://exchange.mediavine.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://pixel.rubiconproject.com/ https://match.sharethrough.com/ https://sync-t1.taboola.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://ups.analytics.yahoo.com/ https://ad.yieldlab.net/ https://cm.adform.net/ https://visitor.omnitagjs.com/ https://gum.criteo.com/ https://id5-sync.com/ https://ad.sxp.smartclip.net/ https://criteo-partners.tremorhub.com/ https://sync-criteo.ads.yieldmo.com/ https://dis.criteo.com/ https://beacon.krxd.net/ https://s.thebrighttag.com/ https://rtb-csync.smartadserver.com/ https://widget.eu.criteo.com/ https://assets.reviews.io/ https://matching.ivitrack.com/ https://www.lyco.co.uk/ https://uat.lyco.co.uk/ https://c.sandbox.paypal.com/ https://services.postcodeanywhere.co.uk/ https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com bat.bing.com https://connect.facebook.net/ https://static.criteo.net/ https://widget.reviews.co.uk/ https://salesiq.zoho.eu/ https://analytics.webgains.io/ https://googleads.g.doubleclick.net/ https://www.clarity.ms/ https://static.hotjar.com/ https://script.hotjar.com/ https://sslwidget.criteo.com/ https://js-agent.newrelic.com/ https://js.zohocdn.com/ https://bam.nr-data.net/ https://widget.eu.criteo.com/ https://v2.zopim.com/ https://static.zdassets.com/ https://ekr.zdassets.com/ https://lycod11120.pcapredict.com/ https://services.postcodeanywhere.co.uk/ https://track.webgains.com/ https://songbirdstag.cardinalcommerce.com/ https://www.google.com https://www.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com unsafe-inline https://css.zohocdn.com/ https://widget.reviews.co.uk/ https://d19ayerf5ehaab.cloudfront.net/ https://d1azc1qln24ryf.cloudfront.net/ https://services.postcodeanywhere.co.uk/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://stats.g.doubleclick.net/ https://l.clarity.ms/ https://salesiq.zoho.eu/ wss://vts.zohopublic.eu/ https://bam.nr-data.net/ https://salesiq.zohopublic.eu/ https://vts.zohopublic.eu/ https://api-cache.reviews.co.uk/ https://*.hotjar.com/ https://api.reviews.co.uk/ https://k.clarity.ms/ https://ws36.hotjar.com/ https://a.clarity.ms/collect https://region1.analytics.google.com/ https://in.hotjar.com/ https://vc.hotjar.io/ wss://*.hotjar.com/ https://api.reviews.io/ https://services.postcodeanywhere.co.uk/ https://api.webgains.io/ https://kg668dbov0.execute-api.us-east-1.amazonaws.com/ https://writer.cardinalcommerce.com/ https://m1.openfpcdn.io/ https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; object-src 'none';img-src 'self' https://*.greenwheels.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.facebook.com data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com ;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com ; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; connect-src 'self' https://*.greenwheels.com https://www.google-analytics.com; frame-src https://*.greenwheels.com https://*.smartlook.com https://*.smartlook.cloud ; script-src 'self' 'unsafe-inline'; script-src-elem * 'self' https://*.smartlook.com https://*.smartlook.cloud 'nonce-randomlyGeneratedBase64Nonce' 'sha256-n/7gbCw+WmsD7F/+39VVixTYgKohObbo81AF86hI5vM=' 'sha256-6LznYDacT/3QgJvp0yiCfqUoy+XE5QloY8gZDhPtlPQ=' 'sha256-ruDyYgAnz/D7ohQLeFlVNQ7gRvg/K1NqaL/s8UgrOOg=' 'unsafe-eval'; worker-src 'self' blob: 2 sandbox allow-scripts allow-same-origin allow-popups allow-downloads allow-forms allow-modals 2 base-uri 'self';font-src 'self';form-action 'self';img-src 'self' https://www.googletagmanager.com https://www.google.com.au https://www.google.co.nz https://www.facebook.com;media-src 'self';object-src;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://booking.kiwirailscenic.co.nz/ https://www.googletagmanager.com https://www.google-analytics.com/ https://script.crazyegg.com/ https://static.hotjar.com https://script.hotjar.com https://www.youtube.com;report-uri https://report-to-api.raygun.com/reports-csp?apikey=poMK7TNoi9H6KWPeQVtkvQ; 2 connect-src https://auth.sdc.dk https://api-proxy-neos.sdc.eu https://azure-sign-p1.sdc.dk https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://*.sdc.dk/ https://*.sdc.eu/ https://api.cludo.com https://consent.app.cookieinformation.com https://dc.services.visualstudio.com/ https://policy.app.cookieinformation.com https://vimeo.com https://www.totalkredit.dk/ 'self'; default-src 'self'; font-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ 'self'; frame-src https://auth.sdc.dk https://azure-sign-p1.sdc.dk https://player.vimeo.com/ https://policy.app.cookieinformation.com https://www.youtube.com/ 'self'; img-src data: https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://customer.cludo.com https://i.ytimg.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ 'self'; script-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://consent.cookiebot.com/ https://customer.cludo.com https://maps.googleapis.com/ https://player.vimeo.com/ https://policy.app.cookieinformation.com https://policy.app.cookieinformation.com/ https://s.ytimg.com/ https://www.googletagmanager.com/ https://www.totalkredit.dk/ https://www.youtube.com/ 'self' 'unsafe-eval' 'unsafe-inline'; style-src https://*.dynamicyield.com/ https://*.dynamicyield.eu/ https://customer.cludo.com https://policy.app.cookieinformation.com https://www.totalkredit.dk/ 'self' 'unsafe-inline'; report-uri /api/sdc/security/csp/report; report-to default 2 default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' data: https: 'unsafe-inline'; connect-src https: wss: 'unsafe-inline'; report-uri https://hi.report-uri.io/r/default/csp/reportOnly 2 font-src *.sagepay.com *.klevu.com *.ksearchnet.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.sagepay.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sagepay.com *.nosto.com *.nos.to *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com https://images.unsplash.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com *.nosto.com *.nos.to www.googletagmanager.com js.klevu.com *.ksearchnet.com s7.addthis.com *.google.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline downloads.mailchimp.com *.sagepay.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com *.googleapis.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.sagepay.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com ekr.zdassets.com/ t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src * 'unsafe-inline' 'unsafe-eval' 2 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.adyen.com *.surveysparrow.com *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.google.com *.doubleclick.net *.facebook.com *.klarna.com *.surveysparrow.com *.pinterest.com *.echatsoft.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.cloudflare.com *.klarna.com *.klarnaevt.com *.googleadservices.com *.google-analytics.com *.google.pl *.gstatic.com *.googletagmanager.com *.paypal.com *.ytimg.com *.zdassets.com *.zendesk.com *.zopim.com *.naver.com *.pinterest.com *.surveysparrow.com *.baidu.com *.rainbowred.com https://yotpo-editor-production.s3.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.avada.io *.cloudflare.com *.cloudflareinsights.com https://chimpstatic.com https://s3.amazonaws.com/downloads.mailchimp.com/ *.googleoptimize.com *.googleapis.com *.twimg.com *.gstatic.com *.fontawesome.com *.zdassets.com *.zendesk.com *.zopim.com *.klarna.com *.surveysparrow.com *.newrelic.com *.nr-data.net *.naver.net *.naver.com *.tiktok.com *.pinimg.com *.baidu.com *.echatsoft.com *.dwin1.com *.youtube.com *.typekit.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.fontawesome.com *.cloudflare.com *.gstatic.com *.zdassets.com *.zendesk.com *.zopim.com *.adyen.com *.echatsoft.com *.typekit.net unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.zendesk.com *.zopim.com *.adyen.com 'self' data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net https://get.geojs.io *.avada.io *.google.com *.cloudflare.com *.googleapis.com *.nr-data.net *.doubleclick.net *.zendesk.com *.klarna.com *.klarnaevt.com *.surveysparrow.com *.naver.com *.pinterest.com *.tiktok.com *.echatsoft.com *.typekit.net https://static.zdassets.com https://ekr.zdassets.com https://gstatic.com https://*.zopim.com wss://*.zopim.com wss://*.echatsoft.com 'self' data: api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' data: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 worker-src blob:; font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com 'self' data: https://widgets.trustedshops.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' https://0merchantacsstag.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.klarna.com https://google.com https://checkout.paypal.com https://*.mylivechat.com https://www.paypalobjects.com https://ssl.kaptcha.com *.arcot.com https://player.vimeo.com *.maps.googleapis.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com maps.googleapis.com maps.gstatic.com *.klarnacdn.net *.klarna.com *.klarnaevt.com www.w3.org *.totallywicked-eliquid.co.uk *.totallywicked.co.uk https://www.theelectroniccigarette.co.uk https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://*.stats.paypal.com https://*.cloudfront.net https://services.postcodeanywhere.co.uk https://chart.apis.google.com https://*.mylivechat.com https://*.tradetracker.net https://*.paypal.com 'self' data: https://widgets.trustedshops.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.klarnacdn.net *.klarnaservices.com 'self' data: https://bam.nr-data.net https://*.chimpstatic.com https://chimpstatic.com https://*.cloudfront.net https://*.vimeocdn.com *.trustpilot.com https://js-agent.newrelic.com https://maps.googleapis.com https://*.mylivechat.com https://mylivechat.com https://services.postcodeanywhere.co.uk https://static.cloudflareinsights.com https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.gstatic.com/* https://*.pcapredict.com https://*.tradetracker.net *.totallywicked-eliquid.co.uk *.google.com *.gstatic.com https://widgets.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' https://fonts.googleapis.com https://*.mylivechat.com https://services.postcodeanywhere.co.uk https://*.totallywicked-eliquid.co.uk https://*.totallywicked.co.uk *.googleapis.com *.gstatic.com https://widgets.trustedshops.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.klarnaevt.com *.playground.klarnaevt.com https://api.hermesworld.co.uk https://bam.nr-data.net https://maps.googleapis.com *.google-analytics.com https://services.postcodeanywhere.co.uk https://stats.g.doubleclick.net wss://am.freshrelevance.com https://rum-http-intake.logs.datadoghq.eu https://rum.browser-intake-datadoghq.eu https://session-replay.browser-intake-datadoghq.eu https://am.freshrelevance.com https://*.trustpilot.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://www.googletagmanager.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://*.mylivechat.com https://mylivechat.com 'self' 'unsafe-inline'; 2 default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://luminary.report-uri.com/r/d/csp/wizard 2 font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/ *.adyen.com https://www.googletagmanager.com/ www.facebook.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com/ https://www.google.com.ua/ https://www.google.bg/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.adyen.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com https://widgets.trustedshops.com www.google.com *.bing.com www.facebook.com https://cdn.kaffekapslen.be https://www.google.com.ua/ https://www.google.bg/ *.clarity.ms https://googleads.g.doubleclick.net *.googleadservices.com https://bid.g.doubleclick.net https://kaffekapslen.dk/ *.kaffekapslen.dk/ *.klarnacdn.net https://kaffekapslen.media *.pinterest.com/ *.cloudinary.com/ https://www.googletagmanager.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com *.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com maps.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://widgets.trustedshops.com *.newrelic.com gtm.adt313.net *.bing.com *.facebook.net bam.eu01.nr-data.net https://www.google.com https://googleads.g.doubleclick.net https://www.google.com.ua/ https://www.google.bg/ *.clarity.ms *.klarnacdn.net https://s.pinimg.com https://apis.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.trustedshops.com *.etrusted.com bam.eu01.nr-data.net *.clarity.ms www.facebook.com eu.playground.klarnaevt.com *.adt611.com *.pinterest.com/ *.kaffekapslen.dk/ https://az-apim-st-kaffekapslen.azure-api.net/ api.kaffekapslen.com https://bat.bing.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.fontawesome.com *.relaxdays.com *.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com www.facebook.com ct.pinterest.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com cdn.consentmanager.net optimize.google.com www.google.com tpc.googlesyndication.com www.youtube.com www.youtube-nocookie.com www.facebook.com ct.pinterest.com www.pinterest.com www.pinterest.de *.sibforms.com sibautomation.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.consentmanager.net d.delivery.consentmanager.net delivery.consentmanager.net www.it-recht-kanzlei.de *.relaxdays.com i.pinimg.com log.pinterest.com www.pinterest.com ct.pinterest.com *.g.doubleclick.net *.googleadservices.com www.google.com www.google.de www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.fr www.google.dk www.google.se www.google.co.uk www.google.be www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.pt www.google.ro www.google.si www.google.sk www.google.ie www.google.hr www.google.fi www.google.com.mt www.google.com.cy www.google-analytics.com www.googletagmanager.com *.gstatic.com *.googleusercontent.com www.facebook.com connect.facebook.com *.cloudfront.net *.bing.com analytics.tiktok.com alb.reddit.com www.datenschutz.net 'self' data: data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com cdn.consentmanager.net d.delivery.consentmanager.net delivery.consentmanager.net www.googleoptimize.com *.relaxdays.com assets.pinterest.com widgets.pinterest.com s.pinimg.com www.googletagmanager.com tagmanager.google.com www.google.com www.googleadservices.com www.google-analytics.com www.gstatic.com www.google.de www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.fr www.google.dk www.google.se www.google.co.uk www.google.be www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.pt www.google.ro www.google.si www.google.sk www.google.ie www.google.hr www.google.fi connect.facebook.net googleads.g.doubleclick.net tpc.googlesyndication.com bat.bing.com analytics.tiktok.com sibautomation.com *.sendinblue.com www.redditstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com unsafe-inline optimize.google.com *.relaxdays.com tagmanager.google.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src *.relaxdays.com 'self' 'unsafe-inline'; media-src *.relaxdays.com 'self' 'unsafe-inline'; manifest-src *.relaxdays.com 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com delivery.consentmanager.net *.relaxdays.com www.google-analytics.com www.googletagmanager.com *.google.com *.g.doubleclick.net www.google.de www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.fr www.google.dk www.google.se www.google.co.uk www.google.be www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.pt www.google.ro www.google.si www.google.sk www.google.ie www.google.hr www.google.fi www.facebook.com log.pinterest.com ct.pinterest.com bat.bing.com analytics.tiktok.com *.sendinblue.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; report-uri https://relaxdays.com/_csp_report_; report-to report-endpoint; 2 base-uri 'none'; script-src 'unsafe-eval' 'unsafe-inline' data: blob: http: https:; object-src 'none'; report-uri https://sentry.itgalaxy.company/api/85/csp-report/?sentry_key=1fbf25e90f114a3d83a19aa4fa432dcf 2 font-src *.klevu.com *.trustedshops.com *.klarnacdn.net *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.klarna.com widget.trustpilot.com www.google.com *.dotdigital-pages.com *.dotdigital.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com b2b.benuta.com https://cdn.klarna.com *.paypal.com *.klevu.com *.trustedshops.com *.klarnaevt.com bat.bing.com stats.g.doubleclick.net ct.pinterest.com facebook.com google.de google.com widget.trustpilot.com *.usercentrics.eu cdn.flbx.io *.sumo.com *.cloudfront.net *.klarna.com *.klarnacdn.net *.ksearchnet.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.paypal.com *.paypalobjects.com *.newrelic.com *.google.com *.gstatic.com *.nr-data.net *.getflowbox.com *.trustedshops.com *.klevu.com *.trackedlink.net *.klarna.com hit.uptrendsdata.com *.googletagmanager.com bat.bing.com *.pinimg.com connect.facebook.net stats-bq.stylight.net tracking.s24.com load.sumo.com *.usercentrics.eu widget.trustpilot.com *.trackedweb.net *.dotdigital-pages.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.trustedshops.com *.klevu.com *.klarnacdn.net *.ksearchnet.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.wistia.net *.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.nr-data.net *.demdex.net *.klarnaevt.com *.paypal.com ct.pinterest.com widget.trustpilot.com sumo.com *.usercentrics.eu hit.uptrendsdata.com stats.g.doubleclick.net api.addressy.com gtm.benuta.de gtm.benuta.at gtm.benuta.fr gtm.benuta.es gtm.benuta.it gtm.benuta.co.uk gtm.benuta.eu gtm.benuta.ch gtm.benuta.nl gtm.benuta.pl gtm.benuta.dk gtm.benuta.se b2b.benuta.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.clarity.ms adservice.google.com in.treasuredata.com cdn.treasuredata.com cdn.cookielaw.org consumer.krxd.net beacon.krxd.net www.google.com *.acsitefactory.com *.twitter.com t.co cdnjs.cloudflare.com unpkg.com icongr.am *.facebook.com www.googletagmanager.com c.clarity.ms *.doubleclick.net cdn.krxd.net static.addtoany.com www.google.com.mx *.ads-twitter.com *.facebook.net www.youtube.com analytics.google.com trk.clinch.co fonts.gstatic.com *.adsrvr.org; form-action *.facebook.com; frame-ancestors 'self' ; report-uri /csp_report 2 font-src *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.yotpo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.netreviews.eu cl.avis-verifies.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.google.fr *.facebook.com bat.bing.com *.linkedin.com *.avis-verifies.com *.netreviews.eu *.googletagmanager.com 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.kameleoon.com *.kameleoon.eu cl.avis-verifies.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.lefebvre-sarrut.be *.facebook.com *.facebook.net bat.bing.com snap.licdn.com sdk.privacy-center.org www.google.com www.gstatic.com *.avis-verifies.com *.pardot.com *.larcier-intersentia.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.kameleoon.com *.kameleoon.eu www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es www.google-analytics.com bat.bing.com *.doubleclick.net *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: gap://ready; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src 'self' data: https:; report-uri https://thedatinglab.report-uri.com/r/d/csp/reportOnly 2 font-src js.klevu.com 'unsafe-inline' data: *.klevu.com *.ksearchnet.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.google.com *.authorize.net *.paypal.com *.vimeo.com *.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co *.mention-me.com *.nosto.com assets.braintreegateway.com pay.google.com *.yotpo.com webchat.dotdigital.com *.nos.to c.paypal.com checkout.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://static.afterpay.com *.nosto.com *.klevu.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.crafterscompanion.co.uk www.crafterscompanion.com www.crafterscompanion.eu www.spectrumnoir.com *.paypal.com s.ytimg.com *.ksearchnet.com assets.braintreegateway.com *.yotpo.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.nosto.com *.klevu.com www.dwin1.com www.google.com www.gstatic.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com js-agent.newrelic.com bam.nr-data.net *.onetrust.com *.ytimg.com video.google.com *.facebook.net *.postcodeanywhere.co.uk *.hotjar.com api.braintreegateway.com *.cardinalcommerce.com polyfill.io api.comapi.com cdn.dnky.co *.dotdigital-pages.com *.trackedweb.net *.trackedlink.net *.ksearchnet.com *.yotpo.com webchat.dotdigital.com *.mention-me.co c.paypal.com pay.google.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com js.klevu.com *.nos.to assets.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.klevu.com *.gstatic.com getfirebug.com *.afterpay.com *.ksearchnet.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.nosto.com *.yotpo.com *.googleapis.com *.nos.to unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.nosto.com js-agent.newrelic.com bam.nr-data.net *.cardinalcommerce.com *.algolia.net *.algolia.com *.afterpay.com secure.authorize.net test.authorize.net assets.adobedtm.com *.vimeocdn.com *.onetrust.com cdn.acsbapp.com t.paypal.com *.ytimg.com bam-cell.nr-data.net video.google.com *.google-analytics.com *.stats.g.doubleclick.net *.vimeo.com *.facebook.net *.postcodeanywhere.co.uk *.hotjar.com api.braintreegateway.com polyfill.io *.klevu.com api.comapi.com cdn.dnky.co *.dotdigital-pages.com *.trackedweb.net *.trackedlink.net *.ksearchnet.com *.yotpo.com webchat.dotdigital.com *.mention-me.co pay.google.com *.braintree-api.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nos.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.fontawesome.com data: *.hotjar.com *.photoslurp.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.redsys.es facebook.com *.adyen.com *.redsys.com *.pinterest.com sas.redsys.es *.facebook.com sas.redsys.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.hotjar.com *.google.com *.addthis.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de blob: data: *.w3.org *.bing.com c.bing.com *.hotjar.com *.paypal.com bat.bing.com *.clarity.ms *.google.fr facebook.com *.kampyle.com *.gstatic.com *.ladybird.nl *.google.com *.fbcdn.net *.cookiepro.com *.pinterest.com *.pronovias.com *.facebook.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.nicolemilano.com *.cdninstagram.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com *.yotpo.com * 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com *.avada.io unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.nr-data.net *.clarity.ms *.moatads.com *.addthis.com *.kampyle.com *.newrelic.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com *.photoslurp.com *.googleapis.com *.salesforce.com *.addthisedge.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.nicolemilano.com *.empathybroker.com *.lightning.force.com analytics.tiktok.com *.googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.honey.io *.kampyle.com *.force.com *.photoslurp.com service.force.com *.nicolemilano.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.vimeo.com *.akamaized.net player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io wss: vimeo.com bat.bing.com *.force.com *.tiktok.com *.google.com *.nr-data.net *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.tt.omtrdc.net *.hotjar.com google.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com *.cardinalcommerce.com api-staging.empathybroker.com pronoviasgroupcti.secure.force.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp/report/create; 2 form-action www.slotland.eu; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bm-rx.atatus.com media.slotland.eu cdn.livechatinc.com *.hotjar.com wss://mpsnare.iesnare.com www.gstatic.com api.livechatinc.com vc.hotjar.io www.slotland.eu www.googletagmanager.com *.cloudfront.net secure.livechatinc.com; frame-ancestors 'self' ; report-uri /csp_report 2 img-src 'self' https://*.mbaec.de 'unsafe-inline'; 2 default-src 'self'; frame-src 'self' *.youtube.com destinilocators.com *.jotform.com *.adsrvr.org assets.ctfassets.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.trkn.us *.googletagmanager.com *.googlesyndication.com *.postscript.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.adsrvr.org *.googlesyndication.com destinilocators.com *.jotform.com chimpstatic.com *.mailchimp.com *.list-manage.com *.postscript.io connect.squareupsandbox.com connect.squareup.com; child-src 'self' *.youtube.com *.google.com *.twitter.com; style-src 'self' 'unsafe-inline' data: *.typekit.net *.googleapis.com *.googletagmanager.com *.mailchimp.com; img-src * blob: data:; media-src 'none'; object-src 'self' data: assets.ctfassets.net; connect-src *; font-src 'self' data: *.typekit.net; 2 default-src 'self'; img-src * 2 font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.pages03.net *.facebook.com *.google.com *.hotjar.com *.issuu.com *.kaptcha.com *.mkt932.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pages03.net *.amazonaws.com *.coremetrics.com *.facebook.com *.facebook.net *.google.com *.paypal.com *.bronto.com *.hotjar.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.pages03.net *.putmeinthestory.com *.brilliantcollector.com *.facebook.net *.google.com *.gstatic.com *.hotjar.com *.nr-data.net *.newrelic.com *.integration-5ojmyuq-kolnt6avkh4uo.us-3.magentosite.cloud *.c.kolnt6avkh4uo.dev.ent.magento.cloud *.vagrant.com *.zdassets.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com unsafe-inline *.amazonaws.com *.materialdesignicons.com *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.algolianet.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.brilliantcollector.com *.brontops.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.nr-data.net *.zdassets.com *.zendesk.com wss://*.zopim.com https://*.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cd6149b609c1e427f5d8597d1534d2c7.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2 frame-ancestors 'none'; report-uri https://24d3ffea74a0c20fdae8a8be8f764da3.report-uri.com/r/d/csp/reportOnly 2 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://*.pendo.io https://pendo-io-static.storage.googleapis.com https://stats.pusher.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://cdn.rawgit.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.datatables.net; img-src 'self' data: https://www.google-analytics.com https://www.google.com https://maps.gstatic.com https://*.collateral360.com https://*.pendo.io https://*.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net wss://ws-us2.pusher.com; frame-src 'self'; form-action 'self'; report-to default 2 font-src https://stackpath.bootstrapcdn.com https://www.google.com/ https://www.googletagmanager.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://secure.livechatinc.com https://www.google.com/ https://www.googletagmanager.com *.weltpixel.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://pbs.twimg.com https://inclusive-technology.uat71.creode.co.uk https://www.google.com https://www.googletagmanager.com https://www.google.co.uk http://www.inclusive.co.uk http://services.postcodeanywhere.co.uk www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.zdassets.com https://www.googletagmanager.com https://chimpstatic.com http://inclu11111.pcapredict.com http://cdn.livechatinc.com https://api.livechatinc.com http://services.postcodeanywhere.co.uk https://www.google.com/ *.googleapis.com *.google.com *.gstatic.com *.avada.io www.sandbox.paypal.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com https://stackpath.bootstrapcdn.com http://services.postcodeanywhere.co.uk https://www.google.com/ https://www.googletagmanager.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://inclusivesupport.zendesk.com https://ekr.zdassets.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://api.livechatinc.com http://services.postcodeanywhere.co.uk https://www.googletagmanager.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 2 font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net *.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://www.google.com cdn.dnky.co webchat.dotdigital.com *.trustpilot.com *.wesupply.xyz *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.paypal.com https://s.ytimg.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.yotpo.com *.player.vimeo.com *.authorize.net webchat.dotdigital.com *.newrelic.com *.nr-data.net bam.nr-data.net https://www.google.com https://www.gstatic.com cdn.dnky.co api.comapi.com *.trustpilot.com *.cloudflare.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com fonts.googleapis.com www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net cdn.dnky.co *.trustpilot.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.paypal.com www.google-analytics.com *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es *.nr-data.net bam.nr-data.net api.comapi.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob:; report-uri /_resources/php/csp-report.php 2 default-src 'self'; script-src 'self' 'sha256-MdC6fOvaO+dJENLQhOoRht9sHSJ++GoMxjtC5lOpUww=' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; style-src 'self' 'report-sample'; img-src *; base-uri 'none'; object-src 'none'; 2 font-src *.gstatic.com data: *.fontawesome.com fonts.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.worldpay.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com www.google.com *.google.com *.doubleclick.net *.facebook.com account.fetchify.com *.worldpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com cdn.jsdelivr.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://stackpath.bootstrapcdn.com https://display.powerreviews.com https://ui.powerreviews.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.fontawesome.com *.avada.io *.worldpay.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.trustpilot.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com cdn.jsdelivr.net fonts.googleapis.com https://ui.powerreviews.com https://fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cc-cdn.com unsafe-inline *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.getalma.eu https://display.powerreviews.com https://ui.powerreviews.com *.google-analytics.com *.facebook.com *.facebook.net api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; media-src https: 'self' blob:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 2 default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 2 font-src *.klarnacdn.net https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.instagram.com *.dotdigital-pages.com *.dotdigital.com *.nosto.com *.nos.to *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cdninstagram.com *.nosto.com *.nos.to *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.instagram.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.nosto.com *.nos.to *.klarna.com *.klarnacdn.net *.klarnaservices.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.nosto.com *.nos.to *.klarnacdn.net unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.nosto.com *.nos.to *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.avada.io *.fontawesome.com *.googleapis.com *.gstatic.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nextopia.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; img-src 'self' data: https://ssl.google-analytics.com; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://ajax.googleapis.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://*.google-analytics.com; connect-src 'self' https://yoast.com https://*.google-analytics.com; frame-src 'self' https://maps.google.com https://www.google.com; 2 script-src https: 'strict-dynamic' 'report-sample' 'nonce-h/adwCOLDpY4eMVluDgHZfARcczIZTl01/ZG+iid7Jo='; base-uri 'self';report-to csp-endpoint 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-67d913c675626ddd3717db6eae767aeb' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 default-src *.gravatar.com; script-src *.gravatar.com *.wp.com *.google-analytics.com *.googletagmanager.com apis.google.com/js/ 'nonce-a95bff54a91b'; style-src 'self' *.gravatar.com *.wp.com fonts.googleapis.com 'nonce-feca4d157198' 'sha256-ONA8DqqhBTsIrZzU3/jZyRdkNkkAGEU74EH252dbGS8=' ;font-src data: *.gravatar.com *.wp.com fonts.gstatic.com; img-src data: *.gravatar.com gravatar.files.wordpress.com *.wordpress.com/mshots/ *.wp.com vaultpress.com; media-src https://videos.files.wordpress.com/; frame-src *.gravatar.com widgets.wp.com; connect-src *.gravatar.com *.google-analytics.com https://public-api.wordpress.com/; object-src 'none'; base-uri 'self'; report-uri https://public-api.wordpress.com/csp/; 1 base-uri 'none'; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=146&pid=c6dc099efd770256&e=UmFuZG9tSVYkc2RlIyh9YYYdGuViorKPbbEeYHORdCkNGF5wA38KQcXICxE1wrxA; script-src 'self' 'nonce-NZK3TVYLwJOClRH' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: 'sha256-47mKTaMaEn1L3m5DAz9muidMqw636xxw7EFAK/YnPdg=' 'sha256-iry7oJKoKJ+9HSjmU3E1TlRlpSesJWZ1vapuUz2MP38='; 1 default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-ppfG6vFRr7ZcjNzN1A4FEQ=='; style-src 'self' www.gstatic.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://csp-reporter.publishing.service.gov.uk/report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-YGYji5BRaxAh3Flto1KxmQ=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts 1 report-uri https://www.yelp.com/csp_report_only?id=19b2cb22d4e415e7&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www×tamp=1674871626; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1 default-src 'self' https:; upgrade-insecure-requests; script-src 'self' 'unsafe-eval' https: 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; child-src 'self' blob: https:; manifest-src 'self'; frame-ancestors 'self' https:; worker-src 'self' https: blob:; form-action 'self' *.twitter.com *.google.com *.facebook.com connect.facebook.net forms.hsforms.com forms.hubspot.com; base-uri 'self'; object-src 'self'; connect-src 'self' https: data:; report-uri https://typeformwww.report-uri.com/r/t/csp/reportOnly 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-42940ce3e58db3f7aa51ad839eaf005a' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 img-src data: *.douyinstatic.com *.toutiaoimg.com *.bdxiguastatic.com *.bdxiguaimg.com *.bytexservice.com *.bytednsdoc.com *.douyinpic.com *.byteeffecttos.com *.byteacctimg.com *.byteimg.com *.bytecdn.cn http: *.ixigua.com *.itoutiaoimg.com *.toutiaostatic.com s.360.cn *.bytescm.com *.byted.org pos.baidu.com www.gstatic.com jonypractic.net wx.qlogo.cn; report-to slardar-endpoint; style-src 'self' *.bdxiguastatic.com 'unsafe-inline'; font-src 'self' cdn.jsdelivr.net at.alicdn.com fonts.gstatic.com *.pstatp.com *.baomitu.com; connect-src 'self' *.snssdk.com *.volcimagex.net *.bdxiguaimg.com *.toutiaoimg.com *.bytedance.com *.bdxiguastatic.com *.ixigua.com *.byteeffecttos.com *.itoutiaoimg.com *.toutiao.com *.365yg.com *.govwza.cn trans.xdtsmart.com *.douyinpic.com wx.qlogo.cn *.google-analytics.com *.zijieapi.com *.byteimg.com *.bytescm.com *.bytedance.net; manifest-src *.bytednsdoc.com; media-src *.ixigua.com blob: *.byteeffecttos.com *.bytescm.com *.govwza.cn; script-src 'strict-dynamic' 'nonce-c2cdfad4b4c5ff57659bbcfd5a72a7fb-argus' *.bdxiguastatic.com *.bytetos.com *.toutiao.com wasm-eval bdxiguastatic.com; default-src 'self'; frame-src *.summer5188.com; 1 default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1 script-src 'self' 'unsafe-inline' 'nonce-8O4yJIHeG7DExEpzpVHXOffCDASyE1P6' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://resource.digital.voice.va.gov https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://*.ytimg.com https://cdn.botframework.com 'strict-dynamic' nonce-8O4yJIHeG7DExEpzpVHXOffCDASyE1P6; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com https://dvp-oauth-application-directory-logos.s3-us-gov-west-1.amazonaws.com https://i.ytimg.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; frame-src https://dap.digitalgov.gov https://resource.digital.voice.va.gov https://www.googletagmanager.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://events.mapbox.com https://www.google-analytics.com https://stats.g.doubleclick.net http://*.vetsgov-internal https://secure.login.gov https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com https://search.usa.gov https://rum.browser-intake-ddog-gov.com ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content ; form-action 'self' https://vicbdc.vba.va.gov https://vaww.vicbdc.ppd.vba.va.gov https://vicbdc.prod.va.gov/ https://secure.login.gov https://feedback.digital-cloud-gov.voice.medallia.com https://public.govdelivery.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ; 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://rbmeuulvihtwm2eltjhwimi2.httpschecker.net/report 1 default-src 'self'; base-uri 'self'; font-src cdn.jsdelivr.net; frame-src 'self' cse.google.com www.google.com; img-src 'self' *.amazonaws.com www.google.com cdn.jsdelivr.net clients1.google.com www.googleapis.com *.gstatic.com pbs.twimg.com *.hypemarks.com *.tintup.com www.google-analytics.com stats.g.doubleclick.net cdn.webcomponents.ucla.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.googletagmanager.com www.youtube.com cse.google.com cdn.jsdelivr.net *.ytimg.com cdnjs.cloudflare.com www.google-analytics.com *.amazonaws.com cdn.webcomponents.ucla.edu *.gstatic.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.webcomponents.ucla.edu cdnjs.cloudflare.com www.google.com; connect-src 'self' weather.atmos.ucla.edu www.google-analytics.com stats.g.doubleclick.net; report-uri /csp-hotline.php 1 img-src blob: data: https:; default-src data: blob: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://counter.drom.ru/report/ 1 script-src 'nonce-jR0aXXg6Vo5-abnq3hmPQw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 frame-ancestors 'none'; report-uri https://dnsimple.report-uri.com/r/d/csp/wizard 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 block-all-mixed-content ; report-uri /csp-report 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-1c4c33e8eb9a90edd668d8600b91e074' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 default-src * 'unsafe-eval' 'unsafe-inline' blob: data:;frame-src 'self' sinaweibo: weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn sinanews: sinanewslite: intent: se5bed38c567feb2a: sb5750862870e1cc2: sdc77698a60e45368: sb2623a3919ed77d3: s3d4cfbed31875e1c: sc876cbd9ae34e814: sdf08f19582289581: sc640c3792845ba3e: se8525a4dbfaa192b: sb5261983836bde16: sinablog: sinanewapmwebview: sinanewsdirect: sinafinance:; script-src 'self' 'unsafe-inline' 'unsafe-eval' weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn *.qchannel03.cn *.qihucdn.com *.qhres.com *.sinajs.cn *.leju.com *.qq.com qzonestyle.gtimg.cn; report-uri https://logger.sina.cn/report; 1 default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-GbXVxUpATg+fJowwVeL9Gg=='; style-src 'self' www.gstatic.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://csp-reporter.publishing.service.gov.uk/report 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-BDAUztH21Eqki/2ezQ7/h69lOT61gaDb3+VaqXZHQe8='; base-uri 'self';report-to csp-endpoint 1 default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob:;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net track.webgains.com api.webgains.io lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob:;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com track.webgains.com *.webgains.io analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com collection.decibelinsight.net portal.decibel.com 'nonce-syJW4CNV8BHDRiRotf+gaU4EO8wdhMyYfMcDSfqk95Y=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';report-uri https://lego.report-uri.com/r/t/csp/wizard 1 style-src 'unsafe-inline' https:; block-all-mixed-content; object-src 'none'; base-uri 'none'; report-uri https://airtable.com/.csp/report; script-src 'nonce-w1StnxasUpn5' 'unsafe-inline' 'strict-dynamic' 'report-sample' https: 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-jkWih1ahNxybtyIwpIuUxg=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 default-src 'self';style-src 'self' 'unsafe-inline' dev.g.alicdn.com g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com g.alicdn.com dev.g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com retcode.alicdn.com cfall.aliyun.com gw.alipayobjects.com ynuf.aliapp.org;connect-src 'self' *.dingtalk.com wss://*.dingtalk.com ynuf.alipay.com dev.g.alicdn.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com ynuf.aliapp.org px-intl.ucweb.com px.ucweb.com gm.mmstat.com preview-lippi-space-zjk.oss-accelerate.aliyuncs.com wgo.mmstat.com wss://alidocs-body.oss-accelerate.aliyuncs.com wss://pre-collab.dingtalk.com *.mobgslb.tbcache.com *.mmstat.com px.effirst.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com dev.g.alicdn.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: mmstat.alicdn.com res.mmstat.com ynuf.aliapp.org alidocs.oss-cn-zhangjiakou.aliyuncs.com;font-src 'self' at.alicdn.com dev.g.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: http: fourier.taobao.com *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com kcart.alipay.com preview-lippi-space-zjk.oss-cn-zhangjiakou.aliyuncs.com px-intl.ucweb.com px.ucweb.com alidocs.oss-cn-zhangjiakou.aliyuncs.com;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com tbm-auth.alicdn.com dev.g.alicdn.com g.alicdn.com;report-uri https://csp.dingtalk.com/csp; 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-075613e0b42643a7d91d6633dab1c78e' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.kohls.com *.go-mpulse.net *.adobedtm.com *.dynatrace.com *.coherentpath.com *.igodigital.com *.bing.com *.google.com *.paypalobjects.com *.braintreegateway.com *.dynamicyield.com *.gstatic.com *.paypal.com *.micpn.com *.evgnet.com *.clicktale.net *.scorecardresearch.com *.yimg.com *.liadm.com *.ads-twitter.com *.pinimg.com *.facebook.net *.tiktok.com *.vibescm.com sc-static.net *.googletagmanager.com *.snapchat.com *.doubleclick.net *.google-analytics.com *.cnnx.link *.taboola.com *.impactradius-event.com *.ada.support *.googletagservices.com *.btstatic.com *.thebrighttag.com *.indexww.com *.googlesyndication.com *.bazaarvoice.com *.stylitics.com *.tagdelivery.com *.bambuser.com *.googleadservices.com *.rokt.com; style-src 'self' 'unsafe-inline' *.kohls.com; img-src 'self' data: *.kohls.com *.bing.com *.paypal.com *.doubleclick.net *.yahoo.com *.google.com t.co *.twitter.com *.clicktale.net *.pinterest.com *.facebook.com *.google-analytics.com *.dotomi.com *.taboola.com *.2mdn.net *.admedia.com *.admarketplace.net *.igodigital.com trkn.us *.4cinsights.com *.bazaarvoice.com *.tagdelivery.com *.innovid.com *.bizrate.com *.googlesyndication.com *.adxcel-ec2.com *.kohlsimg.com; connect-src 'self' *.kohls.com *.domdog.io *.techlab-cdn.com *.omtrdc.net *.go-mpulse.net *.dynatrace.com *.dynamicyield.com *.yimg.com *.liadm.com *.clicktale.net *.pinterest.com *.taboola.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.addressy.com dpm.demdex.net *.ada.support *.doubleclick.net *.googlesyndication.com *.bazaarvoice.com *.stylitics.com kohls.sjv.io *.coherentpath.com; frame-src 'self' apps.rokt.com *.google.com *.liadm.com *.pinterest.com *.doubleclick.net kohls.demdex.net *.paypal.com *.facebook.com kohls.ada.support *.rlcdn.com *.googlesyndication.com *.flashtalking.com; worker-src 'self' blob:; font-src 'self' data: *.gstatic.com *.stylitics.com; form-action 'self'; base-uri 'self' *.kohls.com; frame-ancestors 'self' https://m.kohls.com; manifest-src 'self' *.kohls.com; media-src 'none'; object-src 'none'; report-uri https://csp38.domdog.io/report-uri/a9a6fb14-365a-4648-b17b-2e47930f8b49/1/1-1; 1 script-src 'nonce-RK5P7PJnTmGxMsjHtRlgzg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.zijieimg.com *.helo-app.com *.toutiaopage.com *.zjurl.cn *.pstatp.com *.bytecdn.cn *.isnssdk.com *.byteoversea.com *.365yg.com *.ks-cdn.com *.ipstatp.com *.amemv.com *.ibytedtos.com *.ixigua.com *.ixiguavideo.com *.hypstarcdn.com *.tiktokcdn.com *.topbuzzcdn.com *.lemocamcdn.com *.musical.ly *.muscdn.com *.ulikecam.mobi *.faceu.mobi *.wukongwenda.com *.wukongwenda.cn *.toutiao13.com *.toutiaoribao.cn *.ribaoapi.com *.dongchediapp.com *.huoshanzhibo.com *.huoshanxiaoshipin.cn *.huoshanxiaoshipin.net *.huoshanvideo.cn *.huoshanvideo.net *.ieshuodong.cn *.ieshuodong.net *.byteoversea.com *.topbuzz.com *.hypstar.com *.tiktokv.com *.byted.org *.bytedance.net *.bytedance.com *.bytedance.cn *.toutiaocloud.com *.snssdk.com *.toutiao.com *.neihanshequ.com *.wukong.com *.huoshan.com *.douyin.com *.everphoto.cn *.jinritemai.com *.tuchong.com *.stock.tuchong.com *.luckycalendar.cn *.bcy.net *.feishu.cn *.dcdapp.com *.oceanengine.com *.chengzijianzhan.com *.byteimg.com *.google-analytics.com 1 default-src 'self' *.tealiumiq.com; img-src 'self' https://tealium.com https://data.pendo.io https://pendo-static-6231259435368448.storage.googleapis.com *.tealiumiq.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.tiqcdn.com https://play.vidyard.com https://cdn.pendo.io https://data.pendo.io https://pendo-io-static.storage.googleapis.com https://pendo-static-6231259435368448.storage.googleapis.com *.tealiumiq.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://pendo-static-6231259435368448.storage.googleapis.com *.tealiumiq.com; font-src 'self' https://*.typekit.net *.tealiumiq.com data:; child-src https://*.vidyard.com https://www.youtube.com *.tealiumiq.com; connect-src 'self' wss://*.tealiumiq.com ws://*.tealiumiq.com *.tealiumiq.com https://*.optimizely.com https://solutions.tealium.net https://cdn.pendo.io https://data.pendo.io https://api.feedback.us.pendo.io *.relicx.com https://rum.browser-intake-datadoghq.com; object-src 'none'; frame-src 'self' *.workato.com *.quicksight.aws.amazon.com report-uri /urest/datacloud/csp; 1 script-src 'self' https://ajax.aspnetcdn.com https://ajax.googleapis.com https://canvasjs.com https://cdn.jsdelivr.net https://cdn.plot.ly https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com https://www.osha.gov; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; frame-ancestors 'self' 1 default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports 1 base-uri https://www.amnesty.org;frame-ancestors 'none';default-src 'self' data: https://www.amnesty.org; connect-src 'self' https://apikeys.civiccomputing.com https://clapi.civiccomputing.com https://www.google.com https://my2.siteimprove.com https://googleads.g.doubleclick.net https://id.siteimprove.com https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' data: https://www.amnesty.org https://fonts.gstatic.com; frame-src 'self' data: https://amnesty-crisis-evidence-lab.github.io https://amnestywebsite.github.io https://e.infogram.com https://flo.uri.sh https://infogram.com https://join.amnesty.org https://js.stripe.com https://platform.twitter.com https://recaptcha.google.com https://story.mapme.com https://www.facebook.com https://www.google.com https://www.recaptcha.net https://www.youtube-noocookie.com https://www.youtube.com https://youtu.be https://w.soundcloud.com https://play.prx.org https://viewer.mapme.com https://vars.hotjar.com https://my2.siteimprove.com; img-src 'self' 'strict-dynamic' data: https://www.amnesty.org https://www.gstatic.com https://www.google-analytics.com https://podfollow.com https://www.facebook.com https://www.google.com https://www.google.co.uk; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' https://www.amnesty.org https://www.googletagmanager.com https://e.infogram.com https://cc.cdn.civiccomputing.com https://www.recaptcha.net https://www.gstatic.com https://www.google.com https://js.stripe.com; script-src-attr 'self' 'strict-dynamic'; script-src-elem 'self' 'unsafe-inline' https://www.amnesty.org https://www.googletagmanager.com https://e.infogram.com https://cc.cdn.civiccomputing.com https://www.recaptcha.net https://www.gstatic.com https://js.stripe.com https://www.google-analytics.com https://platform.twitter.com https://cdn.siteimprove.net https://www.googleoptimize.com https://static.hotjar.com https://connect.facebook.net https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://www.amnesty.org; style-src-attr 'self' 'unsafe-inline'; report-uri https://amnesty.report-uri.com/r/d/csp/reportOnly; 1 script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' login.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikipedia.org en.wiktionary.org en.wikibooks.org en.wikiquote.org en.wikisource.org commons.wikimedia.org en.wikinews.org en.wikiversity.org www.wikidata.org species.wikimedia.org incubator.wikimedia.org en.wikivoyage.org api.wikimedia.org wikimania.wikimedia.org login.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1 default-src https: wss: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://cspreport.olx.com.br/api/v1/cspreport/mixedcontent 1 object-src 'none' media.blueapron.com; manifest-src 'self'; media-src 'self' static.zdassets.com media.blueapron.com; report-uri https://sjsbnmrmh4.execute-api.us-east-1.amazonaws.com/Prod/report_csp_violation 1 default-src 'self' https://*.fantia.jp; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.fantia.jp https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com cdn.jsdelivr.net https://nav.yumenosora.co.jp https://platform.twitter.com vjs.zencdn.net https://ec-widget.toranoana.jp https://static.ads-twitter.com https://analytics.twitter.com https://*.clarity.ms https://*.recaptcha.net https://*.gstatic.com https://*.fontawesome.com https://*.chatplus.jp https://www.googleoptimize.com https://csp-report-ij4goxpsha-an.a.run.app/api/v1/csp_report; font-src 'self' https://*.fantia.jp https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com data: https://*.fontawesome.com https://*.chatplus.jp; style-src 'self' https://*.fantia.jp 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.quilljs.com https://nav.yumenosora.co.jp vjs.zencdn.net https://*.fontawesome.com https://*.chatplus.jp; img-src 'self' https://*.fantia.jp * blob: data: www.googletagmanager.com; child-src 'self' https://*.fantia.jp blob: https://platform.twitter.com https://www.googletagmanager.com https://www.youtube.com https://player.vimeo.com https://*.recaptcha.net https://*.chatplus.jp; connect-src 'self' https://*.fantia.jp id.fantia.jp https://fantia.s3-ap-northeast-1.amazonaws.com https://cc.fantia.jp https://c.fantia.jp https://ec-widget.toranoana.jp https://www.google-analytics.com https://stats.g.doubleclick.net *.clarity.ms https://*.fontawesome.com https://*.agora.io:* https://*.agoraio.cn wss://*.edge.agora.io:* wss://*.edge.agoraio.cn:* wss://*.edge.sd-rtn.com https://*.ap.sd-rtn.com https://*.statscollector.sd-rtn.com:* https://api.veritrans.co.jp https://*.chatplus.jp https://ogp-cache-system-prod-ij4goxpsha-an.a.run.app/api/v1/ogp/info https://csp-report-ij4goxpsha-an.a.run.app/api/v1/csp_report; media-src 'self' https://*.fantia.jp blob: https://*.chatplus.jp; report-to report-server; report-uri https://csp-report-ij4goxpsha-an.a.run.app/api/v1/csp_report; 1 default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.doubleclick.net; font-src 'self' *.typekit.net; frame-src 'self' *.google.com *.marketo.com *.youtube.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com https://www.google.com/ads/ga-audiences *.marketo.com; script-src 'self' 'nonce-nf7TKEtOrgICLsAIOxwk8w==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' *.addtoany.com *.bootstrapcdn.com *.marketo.com *.github.com/flurrydev/ *.github.com/ydn/ *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.yimg.com *.bootstrapcdn.com github.githubassets.com/assets/ *.marketo.com *.typekit.net; report-uri /csp-report 1 default-src *.temu.com *.kwcdn.com *.pddpic.com wss://*.temu.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleusercontent.com www.googleadservices.com www.google.cn www.google.com.hk www.google.co.uk www.google.ca www.google.co.in www.google.co.jp www.google.co.id www.google.co.kr connect.facebook.net www.facebook.com appleid.cdn-apple.com socialplugin.facebook.net *.cash.app *.forter.com blob: data: 'unsafe-eval' 'unsafe-inline' 'wasm-eval'; report-uri /api/sec-csp/c/sec-gif 1 default-src data: frame-ancestors go.akbars.ru 'self' *.akbars.ru; upgrade-insecure-requests; default-src 'self' *.akbars.ru www.akbars.ru https://*.yandex.net devaimee.akbars.ru dadata.ru https://api-maps.yandex.ru *.yandex.ru yandex.ru https://yastatic.net suggestions.dadata.ru statad.ru bank-lkz-akbars-gql.ipoteka.digital sravni.go2cloud.org www.akbars.ru fonts.gstatic.com mc.yandex.ru go.akbars.ru yandex.ru api-maps.yandex.ru stats.g.doubleclick.net dadata.ru googletagmanager.com www.googletagmanager.com; script-src 'self' *.akbars.ru 'report-sample' 'unsafe-inline' 'unsafe-eval' *.yandex.net https://unpkg.com/voximplant-websdk@4.6.2-2432/voximplant.min.js https://www.googleoptimize.com www.googleoptimize.com mc.yandex.ru statad.ru top-fwz1.mail.ru https://vk.com/js/api/openapi.js www.akbars.ru *.akbars.ru apps.akbars.ru ajax.aspnetcdn.com sitesearch-suggest.yandex.ru maps.yandex.net yandex.ru site.yandex.net api-maps.yandex.ru mc.yandex.ruclck.yandex.ru yastatic.net www.googletagmanager.com https://www.google-analytics.com www.googleadservices.com connect.facebook.net code.jquery.com api2.akbars.ru cdn.ru data: blob:; script-src-elem 'self' 'unsafe-inline' *.yandex.ru yandex.ru https://yastatic.net https://api-maps.yandex.ru www.googleoptimize.com testbankok.akbars.ru unpkg.com https://mc.yandex.ru https://www.googletagmanager.com https://www.google-analytics.com *.yandex.net; style-src 'self' *.akbars.ru 'report-sample' 'unsafe-inline' partners.akbars.ru apps.akbars.ru devaimee.akbars.ru fonts.googleapis.com yastatic.net; font-src 'self' data: https://fonts.gstatic.com; media-src https://images.samsung.com 'self' ; frame-src 'self' identity-digitalprofile.dev.akbars.ru ad.new-programmatic.com api-maps.yandex.ru www.facebook.com www.youtube.com; child-src 'self' api-maps.yandex.ru; connect-src 'self' testbankok.akbars.ru wss://testbankok.akbars.ru*.akbars.ru wss://devaimee.akbars.ru pixel.kbki.ru bank-lkz-akbars-gql.ipoteka.digital partners.akbars.ru devaimee.akbars.ru dadata.ru suggestions.dadata.ru statad.ru statad.ru partners.akbars.ru apps.akbars.ru mc.yandex.ru api-maps.yandex.ru yastat.net yastatic.net yandex.st yandex.ru maps.yandex.net vk.com login.vk.com top-fwz1.mail.ru www.googletagmanager.com www.google-analytics.com google-analytics.bi.owox.com stats.g.doubleclick.net www.google.ru www.google.com googleads.g.doubleclick.net www.facebook.com; base-uri 'self' *.akbars.ru; img-src data: blob: 'self' statad.ru https://www.akbars.ru *.akbars.ru top-fwz1.mail.ru yastatic.net *.yastatic.net vk.com https://www.google-analytics.com *.yandex.ru *.yandex.net yandex.ru yandex.net https://googletagmanager.com https://www.googletagmanager.com https://i.ytimg.com; form-action 'self' *.akbars.ru; report-uri https://csp-collector-app.live-dmz.akbars.ru/ 1 base-uri 'self';connect-src 'self' https: https://www.recaptcha.net wss:;default-src 'self' https: wss: blob: data:;form-action 'self' https:;img-src 'self' https: http://iea.imgix.net https://iea.imgix.net data:;media-src 'self' https: data: http://iea.imgix.net https://iea.imgix.net;object-src 'none';script-src 'self' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://www.recaptcha.net https://snap.licdn.com https://www.gstatic.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com 'sha256-l/3fcn6MZG0SSVJq6fOLe49ZKIjbWdNzhreJz7KQ/1M=' 'sha256-+MedjqNIfWWYUGuHJ53XLEjzmGDCp9Om50MVUO/C/zo=' 'nonce-KLQHshKBhKjnGWEWSHoooLR6DH1cG2NX';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self' 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chrome 1 child-src 'self' blob:;connect-src 'self' https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://*.akamaized.net https://*.kaltura.com https://endpoint.finnpanel.fi https://*.chartbeat.net https://api.mapbox.com https://events.mapbox.com https://api.flockler.com https://plugins.flockler.com https://*.stat.fi https://sak.userreport.com https://*.enetscores.com/ wss://migratory.enetpulse.com https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://*.omtrdc.net;default-src 'self';font-src data: https://yle.fi https://*.yle.fi https://*.enetscores.com/ https://fonts.gstatic.com;frame-src 'self' https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://e.infogram.com https://platform.twitter.com https://www.instagram.com https://tag.userreport.com https://yle.reco.ebu.io;img-src 'self' data: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://ping.chartbeat.net https://*.akamaized.net https://*.akamaihd.net https://*.analytics.edgekey.net https://*.cloudinary.com https://*.kaltura.com https://syndication.twitter.com https://visitanalytics.userreport.com https://flockler.com https://media-api.flockler.com https://fl-1.cdn.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://*.enetscores.com/ https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://*.omtrdc.net;manifest-src 'self';media-src blob: data: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://*.akamaihd.net https://*.akamaized.net https://*.kaltura.com;object-src 'none';prefetch-src https://*.akamaized.net https://*.kaltura.com https://ping.chartbeat.net;script-src 'self' 'unsafe-inline' blob: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://static.chartbeat.com https://tunnus-sdk.yle.fi https://*.analytics.edgekey.net https://*.kaltura.com https://www.gstatic.com https://sak.userreport.com https://e.infogram.com https://reco.ebu.io/news-reco-yle.js https://platform.twitter.com/ https://www.instagram.com/embed.js https://platform.instagram.com/ https://embed-cdn.flockler.com/embed-v2.js https://fl-1.cdn.flockler.com/ https://*.enetscores.com/ https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://*.omtrdc.net;style-src 'unsafe-inline' https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://fl-1.cdn.flockler.com/ https://fonts.googleapis.com/ https://*.enetscores.com/;upgrade-insecure-requests;report-to csp-report-endpoint;report-uri https://csp.aws.yle.fi/index 1 form-action 'self'; style-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.cnil.fr *.educnum.fr; frame-ancestors 'self' www.dailymotion.com www.youtube-nocookie.com www.youtube.com; img-src 'self'; frame-src 'self' www.dailymotion.com www.youtube-nocookie.com www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.cnil.fr; object-src 'self'; font-src 'self'; base-uri 'self'; block-all-mixed-content; default-src 'self' data: blob:; 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-9d3e28fd18ec562b09c01aeb6a6c3e32' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-3418d8978311e6b6ceb081fac05888bb' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ubs.com *.ubs.net *.adobedtm.com *.demdex.net *.decibelinsight.net *.decibel.com *.adform.net *.everesttech.net *.googleapis.com *.brightcove.net *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.zencdn.net *.akamaihd.net *.facebook.net *.googleadservices.com *.google.com *.doubleclick.net *.cloudflare.com *.zmags.com *.raisenow.com *.adobe.com mccs-chat-i4.ubstest.net:* mccs-chat-01-ch.iiz-te2.ubstest.net:* fuse.ubs.com; style-src 'self' 'unsafe-inline' *.googleapis.com; object-src *.ubs.com *.ubs.net https://players.brightcove.net; base-uri 'none'; frame-ancestors *.ubs.com *.ubs.net *.homegate.ch *.financescout24.ch; form-action *.ubs.com *.ubs.net; frame-src *.ubs.com *.ubs.net https://ubs.demdex.net optimus.foundation https://outlook.office365.com; connect-src *.ubs.com *.ubs.net wss://collection.decibelinsight.net mccs-chat-i4.ubstest.net:* mccs-chat-01-ch.iiz-te2.ubstest.net:* *.decibelinsight.net *.decibel.com *.demdex.net *.brightcove.com *.boltdns.net *.brightcovecdn.com *.googleapis.com widgets.sentifi.com *.akamaihd.net fuseapi.ubs.com fuseconsole.ubs.com fuse.ubs.com wss://fuse.ubs.com; img-src *.ubs.com *.ubs.net data: fuseapi.ubs.com fuseconsole.ubs.com fuse.ubs.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.gstatic.com *.googleapis.com *.twitter.com t.co *.facebook.com *.linkedin.com *.google.com *.google.ch *.doubleclick.net *.googleadservices.com *.yahoo.co.jp *.adform.net; report-uri /csp/reports 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: nj.gov *.twitter.com *.googleapis.com adservice.google.com s.yimg.com *.adsrvr.org buttons-config.sharethis.com clients1.google.com maxcdn.bootstrapcdn.com 77497.global.siteimproveanalytics.io code.jquery.com cdnjs.cloudflare.com dialogflow.cloud.google.com *.cloudfront.net 1468.global.siteimproveanalytics.io use.fontawesome.com www.credit-card-logos.com ka-f.fontawesome.com public.govdelivery.com *.nj.gov *.state.nj.us translate.google.com www.gstatic.com www.google.com *.facebook.com kit.fontawesome.com www.youtube.com p.typekit.net www.google-analytics.com platform-api.sharethis.com www.njsp.org imgssl.constantcontact.com sp.analytics.yahoo.com *.custhelp.com *.ads-twitter.com stackpath.bootstrapcdn.com use.typekit.net cse.google.com njdoc.gov cognito-identity.us-east-1.amazonaws.com www.njaqinow.net sdk.amazonaws.com malsup.github.io *.tiktok.com www.rnengage.com cdn.datatables.net static.dialogflow.com l.sharethis.com *.facebook.net www.googletagmanager.com server.arcgisonline.com *.addthis.com content.govdelivery.com siteimproveanalytics.com t.co fonts.google.com oss.maxcdn.com *.arcgis.com at.alicdn.com fonts.gstatic.com; form-action *.nj.gov *.state.nj.us www.google.com nj.gov; frame-ancestors 'self' ; report-uri /csp_report 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/safety_google 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-afb46839e4a532e2f74b5ea355141570' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-f02a25e0b17bd23501d8d35bc4e1f682' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: adservice.google.com www.artnet.com *.hotjar.com rum.browser-intake-datadoghq.com news.artnet.com pixel.quantserve.com *.doubleclick.net cdn.linkedin.oribi.io *.serving-sys.com *.facebook.com *.googlesyndication.com www.googletagservices.com *.linkedin.com www.google-analytics.com fast.fonts.net *.facebook.net www.google.com pixel-geo.prfct.co report.artnet.glassboxdigital.io adservice.google.ca cdn.segment.com tag.marinsm.com ib.adnxs.com www.google.be images.artnet.com www.google.fr www.google.ch api.sail-track.com www.google.it secure.adnxs.com www.google.at pixel.quantcount.com adservice.google.de www.google.nl secure.quantserve.com ak.sail-horizon.com www.google.de z.moatads.com www.google.com.ph www.google.es csi.gstatic.com rules.quantcount.com www.google.cz www.google.ro adservice.google.ch www.google.com.hk adservice.google.it adservice.google.nl www.google.co.in www.gstatic.com adservice.google.co.uk fonts.gstatic.com snap.licdn.com service.urchin.com *.adroll.com www.googletagmanager.com api.sail-personalize.com *.addthis.com www.google.pl edge.quantserve.com cdn.gbqofs.com v1.addthisedge.com www.google.co.uk; form-action www.artnet.com www.google.com *.facebook.com; frame-ancestors 'self' ; report-uri /csp_report 1 script-src 'self' *.concur.com concur.com *.concursolutions.com *.concursolutionsus.sc.omtrdc.net *.concursolutionseu.sc.omtrdc.net *.concurcdc.cn *.sap.com *.concurmessaging.com platform.cloud.coveo.com *.platform.cloud.coveo.com *.coveo.com coveo.com docs.coveo.com *.docs.coveo.com connect.coveo.com *.connect.coveo.com *.akamaihd.net *.akamaitechnologies.com *.deploy.akamaitechnologies.com *.deploy.static.akamaitechnologies.com *.googletagmanager.com googletagmanager.com google-analytics.com *.google-analytics.com *.gstatic.com *.stats.g.doubleclick.net *.adobedtm.com adobetm.com *.assets.adobedtm.com assets.adobedtm.com *.trustarc.com *.prefmgr-cookie.truste-svc.net *.walkme.com walkme.com *.cdn.walkme.com cdn.walkme.com *.glancecdn.net glancecdn.net *.glance.net glance.net *.s3.amazonaws.com s3.amazonaws.com *.salesforceliveagent.com *.enable-now.cloud.sap *.cloud.sap *.ondemand.com *.newrelic.com newrelic.com *.nr-data.net *.qualtrics.com *.siteintercept.qualtrics.com *.ridecharge.com 'unsafe-inline' 'unsafe-eval';report-uri /nui/signin/report-violation 1 default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1 default-src 'self'; base-uri 'self'; font-src 'self' fonts.gstatic.com data:; worker-src blob:; media-src 'self' api.media.atlassian.com; img-src data: blob: 'self' *.badgen.net *.youtube.com atlassian.wpengine.netdna-cdn.com global.discourse-cdn.com img.shields.io *.atlassian.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat www.gstatic.com *.wp.com cdn.cookielaw.org *.clicktale.net *.doubleclick.net https://googleads.g.doubleclick.net images.ctfassets.net *.public.atl-paas.net trello.com trello-backgrounds.s3.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.co.in *.google.com *.atlassian.com *.gravatar.com; frame-src 'self' *.atlassian.com *.atl-paas.net *.googletagmanager.com player.vimeo.com trello.com www.youtube.com www.figma.com; connect-src 'self' *.googletagmanager.com *.algolianet.com *.algolia.net *.clicktale.net *.launchdarkly.com *.trello.com *.doubleclick.net *.qualtrics.com *.onetrust.com *.sentry.io cdn.segment.com api.segment.io www.google-analytics.com cdn.cookielaw.org *.atlassian.com *.algolia.io; report-uri https://web-security-reports.services.atlassian.com/csp-report/dac; object-src 'none'; style-src 'self' *.trellocdn.com 'unsafe-inline'; script-src 'nonce-plij3GLEHns+ORCoeGQV9Jgwr+moH9JbH6xhiwnTfkI=' 'self' 'sha256-Nt9ereHaxV04RZ20OLtdR3uuFr1X0/Pbt5KbGls/wXg=' https://www.googleadservices.com https://player.vimeo.com/api/player.js *.segment.com *.clicktale.net mscgen.js.org *.qualtrics.com *.trellocdn.com *.atlassian.com www.googletagmanager.com www.google-analytics.com https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/search-insights@2.2.1 1 default-src data: blob: 'unsafe-eval' 'unsafe-inline' https: 'self' wss: *.intercom.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com *.bazaarvoice.com bat.bing.com cdn.attn.tv *.optimizely.com cdn.polyfill.io cdn1.affirm.com connect.facebook.net *.art.com *.doubleclick.net js.intercomcdn.com pixel.mathtag.com s.pinimg.com static.klaviyo.com tag.rmp.rakuten.com tags.bkrtx.com widget.intercom.io *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.art.com cdn.pbbl.co *.googleadservices.com code.jquery.com *.intercom.io *.artprintimages.com *.google.com *.affirm.com *.allpostersimages.com *.fbot.me *.datadoghq-browser-agent.com *.intercom.io; object-src 'none'; base-uri 'self'; report-uri https://csp.walmart.com/c/r/art 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'none'; connect-src 'self' https://analytics.sys.kth.se; font-src 'self' data:; img-src 'self' data: https://app.kth.se; media-src 'self' data:; prefetch-src 'self'; script-src 'self' 'strict-dynamic' 'unsafe-inline' https: 'sha256-+1oyq/+XD3gjmevdmUUh3qFVr0pqCXBcJpCpruhZnDc=' 'sha256-aDKCtHZwa8DEV1fL7zrEyr5LYtc25vCByVLwkQwjbAg=' 'sha256-jFq6QlA+SF6J1tQK0DK9oTPqH6Biy8FSfmGe+SvxOwQ=' 'sha256-4EuN0gV4C1S4XI1yHGEJxQeQw/ganFDh36pqJZaSAjI=' 'sha256-JKQWvIhFV3xZ44Bz5d7/LMV9LZQSNn40K7MVTyTKC5M=' 'sha256-RawAKNmFnTlGgmcujbGJJ6SjpNQFwfj5TpgcOhiX9uM=' 'sha256-Spn9hkt1gmEfkXjqzPhefVp10vm2+vUshi/GAAxMddc=' 'sha256-Q00JemcEKxnBSYv/QleE1R+xR3TXMbbhatyU+CnL7wY=' 'sha256-/lEIDYJk869XT6mUT6jfZFf8Mq9hxgTr2bHuYjWXzAw=' 'sha256-odyNUWAoJew7D40yuVNwu/8zmZU9ZPeD+WXG4q8KFk4='; style-src 'self' 'unsafe-inline' 'sha256-N8Lg/UAmuWEJLWdqsCJ895JeKHzKMBNUI33melugL/4=' 'sha256-G1e3GasPFUwqb22BZZoi8rlReu+VYa1aafJwnMiYwqw=' https://app.kth.se 'sha256-PUAqwV974ukNOKvPhtR53qaw+kHXMRbRunbnRPn/qZw=' 'sha256-cZb6gOqUrrA/4Miz8oV4TKwpdCEXCrvOG7l0gE5JhB4=' 'sha256-IndbmT3F0m2UpXMam1mKB0eTi5jiTZYEnfVHe6Bz2H4=' 'sha256-ghTwjsaiZLeXIJXqfLJpTjoexgpjLXY98s6R/XdEFbU='; form-action 'self'; frame-ancestors 'self'; base-uri 'none'; report-uri /api/csp-report 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-0da8df82b56568bdb9171d7040a10b1c' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 style-src-elem 'unsafe-inline' 'self' *.tide.co fonts.googleapis.com; connect-src 'self' *.api.kustomerapp.com googleads.g.doubleclick.net pagead2.googlesyndication.com analytics.tiktok.com adservice.google.com session-replay.browser-intake-datadoghq.eu rum-http-intake.logs.datadoghq.eu www.datadoghq-browser-agent.com www.google.com bat.bing.com cdn.segment.com www.google-analytics.com *.google-analytics.com stats.g.doubleclick.net cookie-cdn.cookiepro.com trc-events.taboola.com api.mixpanel.com api-js.mixpanel.com api.segment.io in.hotjar.com trc.taboola.com vc.hotjar.io secure.quantserve.com tr.outbrain.com; font-src 'self' data: *.tide.co *.kustomerapp.com fonts.gstatic.com script.hotjar.com; frame-src www.facebook.com www.google.com www.youtube.com vars.hotjar.com widget.trustpilot.com; img-src 'self' data: *.tide.co images.ctfassets.net *.quantserve.com cookie-cdn.cookiepro.com tr.outbrain.com chart.googleapis.com *.gstatic.com connect.facebook.net cds.taboola.com q.quora.com s3.eu-west-2.amazonaws.com 2.gravatar.com bat.bing.com px.ads.linkedin.com www.linkedin.com c0.adalyser.com cx.atdmt.com heapanalytics.com stats.g.doubleclick.net www.facebook.com p.adsymptotic.com www.google-analytics.com *.google-analytics.com *.google.co.uk *.google.com *.google.com.au *.google.de *.google.fr *.google.co.in *.kustomerhostedcontent.com www.googletagmanager.com web.uploads.tide.co secure.gravatar.com; script-src-elem 'self' 'unsafe-inline' *.kustomerapp.com secure.quantserve.com rules.quantcount.com tr.outbrain.com amplify.outbrain.com analytics.tiktok.com *.googleoptimize.com optimize.google.com www.datadoghq-browser-agent.com cookie-cdn.cookiepro.com cdn.jsdelivr.net bat.bing.com c0.adalyser.com cdn.heapanalytics.com cdn.mxpnl.com cdn.segment.com cdn.taboola.com trc.taboola.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net platform.twitter.com px.ads.linkedin.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.google-analytics.com www.linkedin.com www.google.com www.gstatic.com www.googletagmanager.com www.googleadservices.com widget.trustpilot.com tagmanager.google.com; style-src-attr 'unsafe-inline'; report-uri https://csp.tide.co/report 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; worker-src 'self' blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' static.prdg.io/ ucontent.prdg.io *.mogl.com acsbapp.com appleid.cdn-apple.com cdn.auryc.com js.authorize.net completr-v2.appspot.com tags.clickagy.com cdn.cookielaw.org static.districtm.ca googleads.g.doubleclick.net pf.entertainow.com load.exelator.com connect.facebook.net gwiqcdn.globalwebindex.net accounts.google.com/gsi/client apis.google.com/js/ translate.google.com www.google.com/jsapi www.google.com/pagead/ www.google.com/recaptcha/ *.google-analytics.com www.googleadservices.com maps.googleapis.com storage.googleapis.com/pollfish_production/ tpc.googlesyndication.com www.googletagmanager.com www.googletagservices.com www.gstatic.com/recaptcha/ cdn.heapanalytics.com cdn.hellosign.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com d.impactradius-event.com cso2.imperium.com secure.insightexpressai.com surveys.insightexpressai.com csr.inspsearchapi.com media-cdn.ipredictive.com embed.jungroup.com global.localizecdn.com api.maruusurv-serving.com privacyportal-cdn.onetrust.com www.paypalobjects.com aalert.peanutlabs.com polyfill.io rules.quantcount.com secure.quantserve.com publishers.revenueuniverse.com wsdk.rokt.com sb.scorecardresearch.com classic.slingo.com jsd.supersonicads.com widget.trustpilot.com platform.twitter.com cdn.wootric.com static.zdassets.com assets.zendesk.com cdnjs.cloudflare.com/ajax/libs/intl-tel-input/ cdnjs.cloudflare.com/ajax/libs/inputmask/4.0.8/inputmask/inputmask.min.js d3op16id4dloxg.cloudfront.net/RelevantID4.js; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' static.prdg.io/ ucontent.prdg.io *.mogl.com acsbapp.com appleid.cdn-apple.com cdn.auryc.com js.authorize.net completr-v2.appspot.com tags.clickagy.com cdn.cookielaw.org static.districtm.ca googleads.g.doubleclick.net pf.entertainow.com load.exelator.com connect.facebook.net gwiqcdn.globalwebindex.net accounts.google.com/gsi/client apis.google.com/js/ translate.google.com www.google.com/jsapi www.google.com/pagead/ www.google.com/recaptcha/ *.google-analytics.com www.googleadservices.com maps.googleapis.com storage.googleapis.com/pollfish_production/ tpc.googlesyndication.com www.googletagmanager.com www.googletagservices.com www.gstatic.com/recaptcha/ cdn.heapanalytics.com cdn.hellosign.com script.hotjar.com static.hotjar.com mpsnare.iesnare.com d.impactradius-event.com cso2.imperium.com secure.insightexpressai.com surveys.insightexpressai.com csr.inspsearchapi.com media-cdn.ipredictive.com embed.jungroup.com global.localizecdn.com api.maruusurv-serving.com privacyportal-cdn.onetrust.com www.paypalobjects.com aalert.peanutlabs.com polyfill.io rules.quantcount.com secure.quantserve.com publishers.revenueuniverse.com wsdk.rokt.com sb.scorecardresearch.com classic.slingo.com jsd.supersonicads.com widget.trustpilot.com platform.twitter.com cdn.wootric.com static.zdassets.com assets.zendesk.com cdnjs.cloudflare.com/ajax/libs/intl-tel-input/ cdnjs.cloudflare.com/ajax/libs/inputmask/4.0.8/inputmask/inputmask.min.js d3op16id4dloxg.cloudfront.net/RelevantID4.js; report-uri https://csp.prodege.workers.dev/report 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-3e5271bb52ec331950c1076ac88c6da2' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 default-src 'none'; style-src 'self'; connect-src 'self'; img-src 'self'; script-src 'self' https://www.google.com/jsapi https://www.googletagmanager.com https://s3.amazonaws.com/downloads.mailchimp.com/js/ https://www.gstatic.com/charts/loader.js https://www.google-analytics.com/analytics.js; font-src 'self'; base-uri 'self'; form-action 'self'; 1 script-src 'unsafe-inline' 'unsafe-eval' https:; object-src data: https://d1785e74lyxkqq.cloudfront.net https://h.online-metrix.net; base-uri 'none'; report-uri https://tvlk.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://t.r42.io/matomo.js; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-7b2280e502bb0d9af9780d938aa85607' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 child-src https:; connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.wrike.com https://*.www.wrike.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://youtube.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.6sc.co https://*.app-eu.wrike.com https://*.bizographics.com https://*.google-analytics.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.twitter.com https://*.wrike.com https://*.www.wrike.com https://*.yandex.ru https://api.greenhouse.io https://api.pinterest.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://c.disquscdn.com https://cdn.onesignal.com https://cdn.ravenjs.com https://cdn.syndication.twimg.com https://commondatastorage.googleapis.com/code.snapengage.com/js/ https://connect.facebook.net https://d.adroll.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3rnld1uo6kgq2.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://disqus.com https://fast.wistia.com https://fast.wistia.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://i.simpli.fi https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js https://onesignal.com https://pixel.mathtag.com https://px.airpr.com/airpr.js https://s.adroll.com https://s3.amazonaws.com/r.kissinsights.com/ https://secure.adnxs.com https://snap.licdn.com https://src.litix.io/core/2/mux.js https://sslwidget.criteo.com https://static.ads-twitter.com https://static.criteo.net https://track-mv.com https://turbo.qualaroo.com https://vidassets.terminus.services https://vk.com https://wrike.disqus.com https://wrike.influitive.com https://www.google.com https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.snapengage.com/; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp-global.wrike.com/csp-report?website 1 form-action *.facebook.com epson.com *.snapchat.com xiecomm.paymetric.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.windows.net cdn.cs.1worldsync.com b.6sc.co www.google.com.kw www.sandbox.paypal.com www.google.be www.google.com.ar idsync.rlcdn.com at.alicdn.com *.adsrvr.org www.google.com.sg www.google.co.tz checkout.getbread.com www.google.com.jm www.google.dz region1.analytics.google.com s.tribalfusion.com www.google.at www.google.co.id secure.adnxs.com epson.com *.bidr.io www.google.ro s.yimg.com www.google.ru www.bizrate.com *.dotomi.com api.tiles.mapbox.com cdnssl.clicktale.net www.google.com.qa www.google.nl www.google.co.th www.google.com.tw ib.adnxs.com www.google-analytics.com www.google.com.bd www.google.com.om www.google.co.ke *.omtrdc.net api.mapbox.com www.google.pt www.google.dk www.google.mn www.google.ae id.rlcdn.com www.google.co.ma www.google.co.nz www.google.bg www.google.ie www.google.com.kh bam.nr-data.net www.google.lk www.google.co.ug www.google.com.pr www.google.cz *.tealiumiq.com players.brightcove.net www.google.it www.google.ps www.google.hr www.google.no www.google.com.pa www.google.rw www.google.ch files.support.epson.com cdn.honey.io www.google.com.gh *.bazaarvoice.com wtbevents.pricespider.com *.googleapis.com www.google.hu segments.company-target.com www.google.co.za *.facebook.com www.google.com.eg pi.pardot.com www.google.com.np a.tribalfusion.com img.youtube.com seal.verisign.com www.google.gr ws.cs.1worldsync.com www.google.com www.google.com.sa www.google.com.au *.akamaihd.net www.google.tt t.co www.emjcd.com www.google.si www.google.com.mm fonts.gstatic.com www.google.co.cr www.google.com.my cdnjs.cloudflare.com www.google.co.uk www.google.tn fast.fonts.net www.google.com.mx *.tiktok.com www.google.rs www.google.cl bat.bing.com *.opendns.com k-aus1.clicktale.net sc-static.net xiecomm.paymetric.com www.google.sk s3-us-west-2.amazonaws.com tags.tiqcdn.com *.snapchat.com public.cobrowse.oraclecloud.com www.google.com.ph www.google.com.ec www.paypalobjects.com *.demdex.net www.google.com.ua *.twitter.com cc.cs.1worldsync.com *.everesttech.net www.google.com.sv embeddedcloud.pricespider.com www.google.lt www.google.com.et www.google.ca www.google.ee www.google.com.tr *.taboola.com www.google.com.co *.doubleclick.net us-central1-adaptive-growth.cloudfunctions.net www.google.jo cdn.pdst.fm a4.tribalfusion.com www.paypal.com scripts.demandbase.com www.google.co.in www.google.co.jp www.google.co.kr www.googletagmanager.com www.google.com.bo q-aus1.clicktale.net www.sjwoe.com www.google.az cf-images.us-east-1.prod.boltdns.net www.google.com.pk metrics.brightcove.com www.google.com.ng www.google.by www.google.co.il www.google.com.br www.google.co.ve geoip-js.com t.paypal.com www.google.ge edge.api.brightcove.com locate.pricespider.com ssl.kaptcha.com cdn.jsdelivr.net cdn.linkedin.oribi.io api.company-target.com forms.goepson.com js.qualified.com www.google.com.cy www.google.lv www.google.com.bh i.ytimg.com www.mczbf.com www.google.hn yastatic.net huge.superpinkday.com unpkg.com www.google.lu l.clicktale.net www.google.se www.google.de js-agent.newrelic.com www.google.com.gt *.facebook.net www.google.com.pe c.clicktale.net tiny.superpinkday.com adservice.google.com map.brightcove.com www.google.iq wss://ws.qualified.com vjs.zencdn.net app.qualified.com www.gstatic.com events.mapbox.com analytics.google.com *.googlesyndication.com stat.dealtime.com www.youtube.com check.pricespider.com js.cnnx.link snap.licdn.com *.ads-twitter.com tsdtocl.com assets.map.brightcove.com mediaserver.goepson.com *.googleadservices.com *.linkedin.com maps.gstatic.com sp.analytics.yahoo.com cdn.pricespider.com; frame-ancestors 'self' ; report-uri /csp_report 1 base-uri 'self';connect-src 'self' https: *.sentry.io *.amplitude.com *.care.com *.carezen.net *.signalfx.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net font.google.com analytics.google.com tagmanager.google.com www.google.com https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com;default-src 'self' wss://*.care.com *.care.com *.careapis.com *.carezen.net *.cdn-care.com care.com cdn-care.com www.gstatic.com www.google.com *.googlesyndication.com tags.tiqcdn.com tags-eu.tiqcdn.com tk.getwork.com tr.snapchat.com shareasale.com *.doubleclick.net apps.rokt.com bid.g.doubleclick.net tags.w55c.net *.linkedin.com www.pinterest.com carecom.sjv.io staging-pt.ispot.tv ct.pinterest.com;font-src 'self' data: https://www.care.com https://www.dev.carezen.net https://www.stg.carezen.net fonts.gstatic.com https://script.hotjar.com;frame-ancestors 'self';img-src data: blob: *;object-src 'none';script-src 'self' *.akamaihd.net *.care.com *.careapis.com *.carezen.net *.cdn-care.com *.cloudfront.net *.googlesyndication.com *.sift.com *.monetate.net acsbapp.com analytics.tiktok.com apps.rokt.com bat.bing.com care.com cdn-care.com cdn.pdst.fm connect.facebook.net d.impactradius-event.com googleads.g.doubleclick.net maps.googleapis.com s.pinimg.com ssl.google-analytics.com tags-eu.tiqcdn.com tags.tiqcdn.com wss://*.care.com www.emjcd.com www.google-analytics.com www.google.com www.googleadservices.com *.googletagmanager.com www.gstatic.com tr.outbrain.com tags.w55c.net clarity.ms staging-pt.ispot.tv tracker.mnixdata.com *.mountain.com tagmanager.google.com s.go-mpulse.net collector-12308.tvsquared.com js.adsrvr.org https://static.hotjar.com https://script.hotjar.com 'nonce-d2f60b1e3958ac7723977cc62fb02e79' 'strict-dynamic';frame-src 'self' alchemy.veriff.com www.google.com recaptcha.google.com bid.g.doubleclick.net 12355078.fls.doubleclick.net s.go-mpulse.net carecom.sjv.io apps.rokt.com tr.snapchat.com 3239339.fls.doubleclick.net https://vars.hotjar.com insight.adsrvr.org;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.google.com https://static.hotjar.com https://script.hotjar.com 'nonce-d2f60b1e3958ac7723977cc62fb02e79';style-src-attr 'self' 'unsafe-inline' tags.tiqcdn.com tags-eu.tiqcdn.com bat.bing.com;upgrade-insecure-requests;report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=vhp-mfe%401.213.0&sentry_environment=prod 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-3zpm/+b+MdsbQq9UuqnqDg=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 default-src 'self' 'unsafe-inline' *.atbar.org *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk corporate.wordpress.soton.ac.uk blog.soton.ac.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.googleadservices.com www.googletagmanager.com *.google-analytics.com connect.facebook.net static.ads-twitter.com j.flxpxl.com hj.flxpxl.com d2hlpp31teaww3.cloudfront.net d1d7fjtb6d4i2m.cloudfront.net analytics.twitter.com ib.adnxs.com www.intelliworkschat.com access.ecs.soton.ac.uk *.atbar.org www.youtube.com s.ytimg.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk stats.wp.com soton.disqus.com stats.wp.com corporate.wordpress.soton.ac.uk blog.soton.ac.uk s0.wp.com use.typekit.net connect.facebook.com platform.twitter.com; font-src 'self' data: ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk use.typekit.net; img-src data: 'self' www.southampton.ac.uk cdn.soton.ac.uk cdn.southampton.ac.uk t.co mpp2.vindicosuite.com *.google-analytics.com *.facebook.com pixel.adsafeprotected.com *.doubleclick.net www.google.com www.google.co.uk *.atbar.org *.issuu.com image.isu.pub www.intelliworkschat.com pixel.wp.com blog.soton.ac.uk platform.twitter.com pbs.twimg.com syndication.twitter.com p.typekit.net d1d7fjtb6d4i2m.cloudfront.net; frame-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; child-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; 1 frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports 1 default-src 'self' 'unsafe-inline' data: *.fca.org.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.salesforceliveagent.com *.twentythree.net snap.licdn.com analytics.tiktok.com sc-static.net; img-src 'self' 'unsafe-inline' data: *.facebook.com *.google-analytics.com *.siteimproveanalytics.io *.google.com t.co *.doubleclick.net *.fca.org.uk *.google.ie *.videomarketingplatform.co www.google.co.uk *.nr-data.net *.googletagmanager.com *.fca.org.uk *.gstatic.com www.glassdoor.co.uk *.fca.org.uk linkedin.com www.facebook.com t.co *.linkedin.com *.google.ch *.google.de *.google.nl *.google.com.eg *.google.es *.google.ee *.google.co.in *.google.co.uz *.adsymptotic.com *.tableau.com *.google.ge *.google.se *.google.com.bh *.google.sk; frame-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.doubleclick.net insight.adsrvr.org *.fca.org.uk *.googletagmanager.com *.youtube.com match.adsrvr.org *.twentythree.net gateway.zscaler.net *.tableau.com *.snapchat.com; frame-ancestors 'self' *.fca.org.uk; child-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.fca.org.uk; font-src 'self' data: fonts.gstatic.com *.fca.org.uk at.alicdn.com; connect-src 'self' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.googleapis.com analytics.tiktok.com *.snapchat.com; report-uri https://o105440.ingest.sentry.io/api/234655/security/?sentry_key=78e86bb79e1f44d0b24b22ab1e9dc5d0; upgrade-insecure-requests 1 default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.hsbc.com.hk:* *.walkme.com bat.bing.com *.recaptcha.net *.gstatic.cn *.biocatch.com; img-src 'self' blob: data: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net s3.walkmeusercontent.com d3sbxpiag177w8.cloudfront.net *.walkme.com bat.bing.com *.tealiumiq.com *.googletagmanager.com *.google.co.uk *.biocatch.com; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.hsbc.com.hk:* *.walkme.com bat.bing.com *.biocatch.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.walkme.com *.googletagmanager.com *.recaptcha.net; frame-ancestors 'self' *.liveperson.net; font-src 'self' data: *.hsbc.com.hk *.walkme.com; worker-src 'self' blob: *.walkme.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com *.walkme.com; object-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1 object-src 'none'; script-src 'strict-dynamic' 'report-sample' 'unsafe-inline' 'unsafe-eval' http: https: 'nonce-/nIt5wZLU8bdqLu3wHkWdA=='; base-uri 'self'; report-uri https://www.stitchfix.com/dynamic-shock/security/csp_reports?action_name=show&browser_type=Chrome&controller_name=pages&logweasel_id=01GQVATF8Z3T2WCQQRYR4HX02A-DYNAMIC_SHOCK-WEB 1 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tvsquared.com *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://*.teads.tv https://*.taboola.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://www.googleoptimize.com https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.tvsquared.com *.taboola.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.googleapis.com https://stackadapt.com https://*.doubleclick.net *.yimg.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1 default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=AF2M0KC94RCEA:sid=143-6228012-1323767:rid=N5J3PSV0ND5E2YEP7BG6:sn=www.acx.com 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /1/apitun/security/csp-report; 1 base-uri 'none'; script-src 'self' 'nonce-UsqeJbR5jmarsGY' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: 'sha256-47mKTaMaEn1L3m5DAz9muidMqw636xxw7EFAK/YnPdg=' 'sha256-iry7oJKoKJ+9HSjmU3E1TlRlpSesJWZ1vapuUz2MP38='; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=146&pid=d57b0f0f8e8a0048&e=UmFuZG9tSVYkc2RlIyh9YYYdGuViorKP2uawYrSNxcytpAycn8MiQYAmFYysyk78; 1 frame-ancestors 'self';object-src 'none';base-uri 'self';script-src https: 'unsafe-inline' 'strict-dynamic' 'sha256-wDkOnY488UsdiT+Fni3PAYzYjaXqcMGJsemH5GvnTDE=' 'sha256-7nlMQcL5wcuhJJp2xHyJEYLu9UtmgJb1G6pX8Zt1bVU=' 'sha256-XTjMkXSdcqydi64g1HGPptxIuLBbY/3VaZ0+0+LqzEI=' 'sha256-kxfWe5OS4NAeYgfcNsuaY1cqEa9FV67g1vjbOGu7Y+Q=' 'sha256-fEwcoMl+U8arEzkS/5nOFha256nZZcF3gi5LpjXfWu4=' 'sha256-Q8nDwOnN4K9LjZPOvOOo4k5oMxMk+71AobDCxvtRC0s=' 'sha256-P3Iv8MTrpYqg2F2zJ1/XrvO4w3r0W2KD/FBZhruTlRE=' 'sha256-lwEI5bcL/uIpkzw7EQW1CUm9HnZNQ/b1WnXMnRseIgI=' 'sha256-6s8MnDs7AjBtOTCMPZKUFjRvCB+p1+stRdWVWPv65B4=' 'sha256-A2NxygZ7XIsJwxtmCVbFVp1ZqkyQBypzmr95s7joNW0=' 'sha256-soR5fx0hB+8MWiOGRv5W4/Z8jLg7WQHwY6OHsDN87fY=' 'sha256-sJOJtR0hSUKvGNbV2qc1mzfB/li7eObY2cqloHvGz5A=' 'sha256-FSNzKhO3MuDhty4x9yXewnWarBiq+D4tmFeP8aN1M8w=' 'sha256-GrAnpnZquU3r0eeEBVbR627ZTOnt5gHnp6LHi9Hgl7k=' 'sha256-YbTR/3viyfc1QTvyPMXh+TeJERoEeG7zv3rBY+sUCn0=';worker-src blob:;report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubc504e1394818288959b4d64fb38efebe&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=reportonly&service=wolt.com 1 default-src 'self' 'unsafe-inline' data: blob: ssl.kaptcha.com *.vimeo.com *.bluesnap.com *.ccdc02.com *.google-analytics.com *.google.com *.yahoo.com *.pinimg.com *.redditstatic.com *.taboola.com *.pinterest.com *.googleapis.com *.g.doubleclick.net *.googleadservices.com *.guardiosecurity.com *.facebook.net *.facebook.com *.googlesyndication.com *.googletagmanager.com *.bing.com secure.adnxs.com *.cardinalcommerce.com fullstory.com *.fullstory.com *.typekit.net *.quora.com *.guard.io *.paypal.com *.gstatic.com *.fixel.ai *.youtube.com *.twitter.com *.ads-twitter.com *.outbrain.com *.stripe.com s.yimg.com o435118.ingest.sentry.io; img-src * data: blob:; report-uri https://guard.io/v2/api/csp 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/panoramio 1 default-src https: wss:; script-src https: wss: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1 default-src * 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lietou-static.com *.liepin.com *.alipay.com *.pstatp.com *.liepin.cn *.aliyuncs.com *.baidu.com *.qq.com *.bdstatic.com unpkg.com lyra-wv-rpc://resource lyra-wv-rpc://rpc https://appx https://appx-t2 *.bytegoofy.com js.cdn.aliyun.dcloud.net.cn *.amap.com captcha.gtimg.com captcha.myqcloud.com cdn.jsdelivr.net data: blob:; child-src * data: blob: ; img-src * android-webview-video-poster: data: blob:; font-src * data: blob: moz-extension:; frame-src * data: blob: wvjbscheme:; worker-src * data: blob: ; media-src * data: blob: ; report-uri https://alarmhook.liepin.com/hook/lpsoc-save-csp.json 1 default-src 'self' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com https://app505-dayforce-csp-func.azurewebsites.net/api/DFCspReportFunction; script-src 'self' 'unsafe-eval' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com 'nonce-cgwWuADrLw==' 'report-sample'; style-src 'self' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com 'unsafe-inline'; img-src 'self' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com data: blob:; font-src 'self' mydayforce.com *.dayforce.com *.dayforcehcm.com https://col.eum-appdynamics.com https://cdn.appdynamics.com https://www.google-analytics.com https://cdn.cookielaw.org https://ceridian-privacy.my.onetrust.com https://geolocation.onetrust.com data:; object-src 'none'; base-uri 'self'; 1 script-src 'unsafe-inline' https: 'nonce-H8YVEr0R5xmhL+sPAe9t5A==' 'strict-dynamic' 'report-sample';object-src 'none';base-uri 'none';report-uri /user-promo/platform/report-csp; 1 default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com *.bdstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //a.tool.lu/csp 1 script-src 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://cdn.cookielaw.org https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdnsecakmi.kaltura.com https://cdnapisec.kaltura.com http://cdnapi.kaltura.com https://www.google-analytics.com https://cdn.jsdelivr.net https://script.crazyegg.com https://static.cloudflareinsights.com https://www.google.com https://www.gstatic.com https://bam.nr-data.net https://hm.baidu.com/hm.js blob: https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.youtube.com https://static.addtoany.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://js-agent.newrelic.com https://geolocation.onetrust.com https://bam-cell.nr-data.net https://script.crazyegg.com https://static.cloudflareinsights.com https://fonts.googleapis.com; report-uri /report-csp-violation 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/admob_google_com 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 report-uri /csp-log.php; report-to csp-log-endpoint; default-src 'none'; img-src 'self' data: https://tiles.rz.uni-leipzig.de/ https://img.youtube.com/ https://i.ytimg.com/ https://www.gstatic.com/images/ https://translate.google.com/; script-src 'self' 'unsafe-inline' https://app1.edoobox.com/ https://cdn1.edoobox.com/ https://uni.wwwstat.rz.uni-leipzig.de/ https://vimeo.com/api/ https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://cdnjs.cloudflare.com/ajax/libs/leaflet/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/leaflet/ https://translate.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/mathjax/; media-src 'self' data:; connect-src 'self' https://uni.wwwstat.rz.uni-leipzig.de/ https://www.uni-leipzig.de/ https://translate.googleapis.com/; frame-src https://app1.edoobox.com/ https://www.studieren-weltweit.de/ https://www.facebook.com/ https://www.sozphil.uni-leipzig.de/ https://studienbuero.erzwiss.uni-leipzig.de/ https://www.youtube-nocookie.com/embed/ https://player.vimeo.com/video/; object-src 'self'; 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://tvline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' data: blob: mediastream: http://*.uni-kiel.de https://*.uni-kiel.de 'unsafe-inline' 'unsafe-eval'; 1 default-src https:; base-uri 'self'; script-src 'unsafe-inline' https: 'nonce-ta7AHQ41+m+gDw==' 'strict-dynamic' 'unsafe-eval' *.zulily.com 'report-sample'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: blob:; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' *.zulily.com; report-uri https://productreviews.prod.store.aws.z8s.io/csp-report-violations-report-only; 1 default-src 'self' *.wargaming.net lesta.ru *.lesta.ru https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net lesta.ru *.lesta.ru *.tvsquared.com *.soloway.ru *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://*.adform.net https://partner.worldoftanks.com https://www.googleoptimize.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://inv-dmp.admixer.net ; style-src 'self' 'unsafe-inline' *.wargaming.net lesta.ru *.lesta.ru https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net lesta.ru *.lesta.ru *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.ru wss://tanki.su https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://www.googleoptimize.com https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net lesta.ru *.lesta.ru https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net lesta.ru *.lesta.ru https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net lesta.ru *.lesta.ru https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net lesta.ru *.lesta.ru https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: wss://127.0.0.1:5901 www.googletagmanager.com *.globalsources.com www.google-analytics.com api.geetest.com wss://127.0.0.1:6040 www.google.co.za s3.ap-east-1.amazonaws.com img01.yzcdn.cn *.doubleclick.net www.google.com www.google.com.sg cdn.dcloud.net.cn bat.bing.com *.facebook.com *.online-metrix.net wss://127.0.0.1:2112 adservice.google.com region1.google-analytics.com *.facebook.net www.google.ca wss://127.0.0.1:5902 wss://127.0.0.1:3389 at.alicdn.com wss://127.0.0.1:5279 wss://127.0.0.1:63333 wss://127.0.0.1:5950 www.google.ae *.googlesyndication.com ups.analytics.yahoo.com snap.licdn.com cdn.linkedin.oribi.io www.google.com.tr wss://127.0.0.1:5903 www.google.co.kr wss://127.0.0.1:5939 wss://wss.im.qcloud.com www.google.co.in www.google.com.pk psce.s3.cn-north-1.amazonaws.com.cn *.googleadservices.com web.sdk.qcloud.com wss://127.0.0.1:5931 xin-huanqiuziyuan.sfn-aws-singapore-01.saas.sensorsdata.cn wss://127.0.0.1:7070 wss://127.0.0.1:6039 www.gstatic.com www.google.com.ph *.adsrvr.org www.google.de *.linkedin.com www.google.co.th wss://wss.my-imcloud.com wss://127.0.0.1:5900 wss://127.0.0.1:5944 www.720yun.com www.google.co.uk fonts.gstatic.com api.im.qcloud.com www.micstatic.com www.google.com.bd; form-action *.facebook.com; frame-ancestors 'self' ; report-uri /csp_report 1 form-action amadeus.com *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: amadeus.com www.google.ae *.facebook.com www.shareaholic.net *.everesttech.net www.google.it resources.digital-cloud.medallia.eu geoip-js.com *.demdex.net www.google.com *.facebook.net adservice.google.com www.googletagmanager.com *.omtrdc.net www.google.co.il www.gstatic.com www.google.com.ph www.google.com.au wss://collection.decibelinsight.net *.doubleclick.net www.google.co.za *.googleapis.com img06.en25.com t.co cdnjs.cloudflare.com www.google.com.ng apps.shareaholic.com www.google.co.uk tools.euroland.com www.google.com.sa www.google.com.ar fonts.gstatic.com www.youtube.com www.google.nl cdn.linkedin.oribi.io collection.decibelinsight.net js.maxmind.com www.google.es *.linkedin.com www.google-analytics.com img.youtube.com tags.tiqcdn.com tools.eurolandir.com m9m6e2w5.stackpathcdn.com www.google.dz cdn.cookielaw.org *.googleadservices.com www.google.co.in www.google.co.jp *.eloqua.com www.google.com.co www.google.de analytics.shareaholic.com www.google.com.eg geolocation.onetrust.com www.google.fr *.twitter.com www.google.com.br privacyportal-eu.onetrust.com; frame-ancestors 'self' ; report-uri /csp_report 1 default-src sir.rediris.es www.rediris.es 'self' abs.twimg.com cdn.syndication.twimg.com pbs.twimg.com platform.twitter.com self syndication.twitter.com ton.twimg.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube-nocookie.com; connect-src www.google-analytics.com; form-action syndication.twitter.com platform.twitter.com; img-src 'self' www.rediris.es abs.twimg.com data: file ton.twimg.com pbs.twimg.com platform.twitter.com; script-src-elem 'self' www.google.com www.googletagmanager.com 'unsafe-inline' www.rediris.es cdn.syndication.twimg.com platform.twitter.com; script-src www.google.com www.gstatic.com 'unsafe-inline'; style-src-elem 'self' www.rediris.es platform.twitter.com ton.twimg.com; style-src 'self'; frame-src 'self' platform.twitter.com syndication.twitter.com www.youtube-nocookie.com; object-src 'self'; report-uri https://27ee058862b5cab81e8d2c18685f28d5.report-uri.com/r/d/csp/wizard 1 upgrade-insecure-requests default-src 'self' 'unsafe-eval' 'unsafe-inline' blob:; font-src 'self' fonts.gstatic.com data:; img-src * data:; media-src 'self' blob:; worker-src 'self' blob:; object-src 'self'; frame-ancestors 'self'; report-uri /ContentSecurityPolicy/Report 1 default-src 'none'; connect-src 'self' https://appservices.wwnorton.com; frame-ancestors 'self'; font-src 'self' https://fonts.googleapis.com; style-src 'self' https://cloud.typography.com https://dsbst55b1909i.cloudfront.net; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://static.wwnorton.com https://storage.googleapis.com; img-src 'self' https://www.google-analytics.com https://appservices.wwnorton.com https://cdn.wwnorton.com https://diqp43fm0w6zs.cloudfront.net https://stats.g.doubleclick.net; 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-uri https://logging.snhu.edu/Logging/LogCSPViolation/; default-src 'self' *.visualwebsiteoptimizer.com *.googletagmanager.com *.youtube.com *.google.com *.google-analytics.com *.facebook.com *.salesforceliveagent.com *.fullstory.com; img-src 'self' collector-4113.tvsquared.com dev.visualwebsiteoptimizer.com p.adsymptotic.com s.amazon-adsystem.com www.google-analytics.com www.google.com yt3.ggpht.com i.ytimg.com px.ads.linkedin.com www.facebook.com data: tags.w55c.net www.googletagmanager.com googleads.g.doubleclick.net education.mediaalpha.com ads.stickyadstv.com www.linkedin.com id5-sync.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' dev.visualwebsiteoptimizer.com www.googletagmanager.com collector-4113.tvsquared.com connect.facebook.net cti.w55c.net d.la4-c3-ph2.salesforceliveagent.com edge.fullstory.com googleads.g.doubleclick.net s.go-mpulse.net sc-static.net sd.iperceptions.com snap.licdn.com static.doubleclick.net universal.iperceptions.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube.com service.force.com tr.snapchat.com ; style-src 'self' 'unsafe-inline' www.youtube.com service.force.com; frame-src 'self' www.youtube.com service.force.com universal.iperceptions.com tr.snapchat.com www.facebook.com www.google.com; script-src-elem 'self' 'unsafe-inline' service.force.com *.salesforceliveagent.com dev.visualwebsiteoptimizer.com www.googletagmanager.com www.youtube.com sc-static.net googleads.g.doubleclick.net collector-4113.tvsquared.com *.google-analytics.com cti.w55c.net universal.iperceptions.com snap.licdn.com connect.facebook.net *.googleapis.com edge.fullstory.com static.ads-twitter.com cdn.jsdelivr.net snhu.kuali.co tr.snapchat.com www.google.com; connect-src 'self' www.google-analytics.com analytics.google.com tr.snapchat.com stats.g.doubleclick.net api.iperceptions.com www.facebook.com rs.fullstory.com snhu.kuali.co c.go-mpulse.net cdn.linkedin.oribi.io; style-src-elem 'self' 'unsafe-inline' service.force.com snhu.kuali.co fonts.googleapis.com; font-src 'self' data: service.force.com snhu.kuali.co fonts.googleapis.com fonts.gstatic.com 1 object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com code.highcharts.com code.jquery.com https://cdn.boomcdn.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdn.polyfill.io https://cdnjs.cloudflare.com https://code.highcharts.com https://code.jquery.com https://live-idb-config.pantheonsite.io https://polyfill.io https://public.tableau.com https://static.addtoany.com https://unpkg.com https://www.google.com maps.googleapis.com maxcdn.bootstrapcdn.com tether.io unitegallery.net 'unsafe-inline'; script-src-attr 'self'; style-src 'self' ajax.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://live-idb-config.pantheonsite.io https://use.fontawesome.com unitegallery.net 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1 script-src 'self' *.edpuzzle.com *.edpuzzle.dev 'unsafe-inline' 'unsafe-eval' latex.codecogs.com service.mtcaptcha.com service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.ytimg.com *.soundcloud.com *.zendesk.com cdnjs.cloudflare.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com *.awswaf.com *.appcues.com; style-src 'self' *.edpuzzle.com 'unsafe-inline' maxcdn.bootstrapcdn.com latex.codecogs.com d1htrclywvryi1.cloudfront.net fonts.googleapis.com *.appcues.com; report-uri /api/v3/violations/csp 1 default-src 'self' tpc.googlesyndication.com;frame-ancestors 'self';frame-src 'self' https://staticcdn.co.nz *.youtube.com www.facebook.com connect.facebook.net gsa://onpageload https://d2rf51x5ga9gxp.cloudfront.net trademe.wufoo.com matterport.com *.matterport.com viewer.metamaker.istaging.com vtc.virtualtourscreator.com.au app.cloudpano.com youriguide.com virtualtour.laserfocus.co.nz s3virtualtour.esoft.com www.boxbrownie.com kuula.co tours.virtualpro.nz open.littlehinges.com virtual-tour.ipropertyexpress.com https://api.trademe.co.nz/ https://auth.trademe.co.nz https://*.app.trade.me https://vimeo.com https://*.vimeo.com https://cdn.diakrit.com https://livetour.istaging.com https://vtc.virtualtourscreator.com.au https://app.cloudpano.com https://storage.googleapis.com https://www.google.com https://www.google.co.nz *.googlesyndication.com console.googletagservices.com *.doubleclick.net *.imrworldwide.com *.trademepayments.co.nz *.pingauth.trademe.co.nz;font-src 'self' data: *.tmcdn.co.nz fonts.googleapis.com fonts.gstatic.com;img-src 'self' data: blob: www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.ggpht.com i.ytimg.com i.vimeocdn.com www.facebook.com https://staticcdn.co.nz *.imrworldwide.com *.segment.com https://api.trademe.co.nz/ *.tmcdn.co.nz https://trademe-prod-cdn.global.ssl.fastly.net https://*.trademe.co.nz *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.googlesyndication.com *.doubleclick.net *.googleusercontent.com api.myautoshop.co.nz images.myautoshop.co.nz sslphotos.jato.com via.placeholder.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com;script-src 'self' 'sha256-9ShOVTIPza9Pak2xKaplsw1JTxVYsYDZjH0HeL8o2Pc=' 'sha256-JHntFHEdrw2twnxZxueVlJPiHaSx3qXl44r8ElcCZ5A=' 'unsafe-eval' https://frend-assets.freetls.fastly.net/ https://staticcdn.co.nz connect.facebook.net www.google-analytics.com www.googletagmanager.com *.googletagservices.com dnn506yrbagrg.cloudfront.net *.googleapis.com www.youtube.com s.ytimg.com script.crazyegg.com *.segment.com *.appboycdn.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.googleadservices.com *.doubleclick.net *.imrworldwide.com *.googlesyndication.com cdn.ampproject.org *.afterpay.com *.app.trade.me *.newrelic.com *.nr-data.net;form-action 'self' trademe.wufoo.com www.facebook.com connect.facebook.net d3f5l8ze0o4j2m.cloudfront.net https://api.trademe.co.nz/ https://*.app.trade.me;connect-src 'self' https://api.trademe.co.nz/ https://auth.trademe.co.nz *.tmcdn.co.nz https://*.app.trade.me *.segment.io *.segmentapis.com *.segment.com *.braze.com sentry.io www.facebook.com www.google-analytics.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.google.com *.google.co.nz *.google.com.au *.google.co.uk *.google.lk *.google.co.in *.google.com.sg *.google.com.sa *.google.cn *.google.com.ph *.google.com.hk *.google.co.kr *.google.de *.google.ca *.google.co.jp *.google.com.fj *.google.co.id *.google.ae *.google.com.my *.google.co.th *.google.fr *.google.nl *.google.com.tw *.google.com.br *.google.es *.google.ie *.google.cl *.google.se *.google.ar *.google.com.vn *.doubleclick.net *.googlesyndication.com https://*.afterpay.com api.amplitude.com https://*.app.trade.me https://*.nr-data.net;child-src 'self';worker-src 'self';report-uri https://www.trademe.co.nz/a/csp-report-uri 1 require-trusted-types-for 'script'; trusted-types angular angular#bundler angular#unsafe-bypass aio#analytics google#safe goog#html; report-uri https://csp.withgoogle.com/csp/angular.io 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-4dddd4527816e1ba8e86479af26afdbe' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 report-uri https://www.yelp.com/csp_report_only?id=343d87f8ab2d8122&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www×tamp=1674869306; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com blob: data: *.3lift.com *.adroll.com *.affilae.com *.bidr.io *.casalemedia.com *.ceros.com *.clarity.ms *.clearbit.com *.company-target.com *.datadoghq.com *.doubleclick.net *.facebook.com *.getbeamer.com *.hotjar.com *.licdn.com *.linkedin.com *.marketo.com *.mktoresp.com *.onetrust.com *.outbrain.com *.pendo.io *.pingdom.net *.pubmatic.com *.reddit.com *.rlcdn.com *.rubiconproject.com *.taboola.com *.twitter.com ajax.googleapis.com amplify.outbrain.com api.amplitude.com api.madkudu.com api.segment.io attr.ml-api.io bat.bing.com browser.sentry-cdn.com cdn.amplitude.com cdn.bizible.com cdn.cookielaw.org cdn.jsdelivr.net cdn.madkudu.com cdn.segment.com cdn.segment.io cdnjs.cloudflare.com ceros-creative-services.s3.amazonaws.com client-registry.mutinycdn.com client.mutinycdn.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com getbeamer.com js.driftt.com js.sentry-cdn.com js.stripe.com maxcdn.bootstrapcdn.com munchkin.marketo.net res.cloudinary.com s.ml-attr.com secure.adnxs.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co tag.clearbitscripts.com tag.demandbase.com tr.outbrain.com tracking.g2crowd.com user-data.mutinycdn.com www.datadoghq-browser-agent.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.redditstatic.com www.welcometothejungle.com x.clearbitjs.com ; img-src * data: ; font-src 'self' data: fonts.gstatic.com github.com images.mutinycdn.com maxcdn.bootstrapcdn.com use.typekit.net ; connect-src 'self' *.algolia.com *.algolia.io *.algolia.net *.algolianet.com algolia.com algolia.io algolia.net algolianet.com data: *.ceros.com *.clarity.ms *.datadoghq.com *.google-analytics.com *.hotjar.com *.hotjar.io *.linkedin.com *.mktoresp.com *.mktoutil.com *.mutinyhq.io *.onetrust.com *.pingdom.net *.segment.com *.segment.io *.sentry.io adservice.google.com api.amplitude.com api.company-target.com api.madkudu.com api.segment.io app.clearbit.com app.getsentry.com backend.getbeamer.com cdn.cookielaw.org ceros-creative-services.s3.amazonaws.com d.adroll.com in.hotjar.com maps.googleapis.com prod-algolia-blog-subscription.herokuapp.com raw.githubusercontent.com stats.g.doubleclick.net us-central1-documentation-feedback.cloudfunctions.net user-data.mutinycdn.com vitals.vercel-insights.com wss://*.hotjar.com www.google-analytics.com www.google.com ; worker-src 'self' blob: ; report-uri https://algolia.report-uri.com/r/t/csp/wizard 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; 1 default-src https:; script-src 'self' 1 default-src 'self'; script-src 'nonce-eQ/aoOE1OBRO8CSR+KaUFg==' 'strict-dynamic' https: 'unsafe-inline'; style-src 'self' 'unsafe-inline' blob: https://app.getbeamer.com https://assets.openlearning.com https://*.ssl.cf4.rackcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.openlearning.com https://oluploadslive.blob.core.windows.net https://front-us-rest.ably.io https://api.amplitude.com https://api.hubapi.com https://api.hubspot.com https://api.ipify.org https://backend.getbeamer.com https://chat.frontapp.com https://www.facebook.com https://find.userpilot.io https://forms.hubspot.com https://iframe.ly https://in.hotjar.com https://learningtime.servicebus.windows.net https://pythonutilityfunctions.azurewebsites.net https://sentry.io https://stats.g.doubleclick.net https://us-west-1-chat-server.frontapp.com https://vc.hotjar.io https://www.google-analytics.com https://pagead2.googlesyndication.com wss://analytex.userpilot.io wss://front-us-realtime.ably.io wss://*.openlearning.com; font-src 'self' data: https://*.ssl.cf4.rackcdn.com https://assets.openlearning.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https:; img-src 'self' data: blob: https:; manifest-src 'self' https://*.ssl.cf4.rackcdn.com; media-src 'self' https://dev-media.openlearning.com https://media.openlearning.com https://qencode.blob.core.windows.net; worker-src 'none'; child-src blob:; report-uri https://o144378.ingest.sentry.io/api/4503997018275840/security/?sentry_key=3e8067ef74184915a686caf1ecfabda0&sentry_environment=live; 1 default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.com *.spreadshirt.com ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.google-analytics.com *.analytics.google.com *.spreadshirt.com ; font-src 'self' https: data: *.spreadshirt.com ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.yahoo.com *.doubleclick.net; font-src 'self' *.bootstrapcdn.com; frame-src 'self' *.soundcloud.com *.twitter.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com *.yahoo.com https://www.google.com/ads/ga-audiences *.pendo.io *.twitter.com *.twimg.com; script-src 'self' 'nonce-Kir5inht4V/tVZnuQ67ApA==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com *.github.com/flurrydev/ *.pendo.io *.twitter.com *.twimg.com; style-src 'self' 'unsafe-inline' *.yimg.com *.twitter.com *.twimg.com https://github.githubassets.com/assets/ *.bootstrapcdn.com; report-uri /csp-report 1 frame-ancestors 'self' http://*.abcya.com:* https://*.abcya.com:* https://*.ixl.com:* https://*.ixl.x:* https://*.ixl.q:* https://*.ixl.z:* https://*.ixl.k38:* https://*.ixl.m26:* https://*.ixl.cap:* https://*.ixl.lb:* https://*.ixl.k10:* https://*.ixl.k41:* https://*.ixl.t:* https://*.ixl.abcyaonixl.ixl.dev:* http://localhost:* https://*.ixl.dev:*; default-src 'self' https://tpc.googlesyndication.com/safeframe/; connect-src 'self' https://*.abcya.com https://*.admetricspro.com https://assets-abcya-com.netlify.app https://csi.gstatic.com https://dt.clnmde.com https://kinesis.us-east-1.amazonaws.com https://www.google-analytics.com https://*.media.net https://*.googlesyndication.com https://*.doubleclick.net https://*.arcademics.com wss://*.arcademics.com; font-src 'self' https://*.media.net https://d33wubrfki0l68.cloudfront.net https://fonts.gstatic.com https://*.arcademics.com; frame-src 'self' blob: https://*.admetricspro.com https://*.stripe.com https://*.abcya.com https://assets-abcya-com.netlify.app https://pxlclnmdecom-a.akamaihd.net https://*.googlesyndication.com https://*.doubleclick.net https://www.google.com; img-src 'self' data: https://*.arcademics.com https://*.net https://*.abcya.com https://assets-abcya-com.netlify.app https://*.admetricspro.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://dt.clnmde.com https://www.googletagmanager.com https://*.doubleclick.net https://px.moatads.com https://*.googlesyndication.com https://www.google-analytics.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.kidsafeseal.com https://s02mdn.net/; media-src 'self' https://assets-abcya-com.netlify.app; object-src https://*.abcya.com https://assets-abcya-com.netlify.app; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://imasdk.googleapis.com/js/sdkloader/ima3.js https://vjs.zencdn.net/7.11.4/video.min.js https://cdnjs.cloudflare.com/ajax/libs/videojs-ima/1.10.1/videojs.ima.min.js https://cdnjs.cloudflare.com/ajax/libs/videojs-contrib-ads/6.0.0/videojs.ads.min.js https://adservice.google.com https://cdn.ampproject.org https://*.admetricspro.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://*.stripe.com https://mb.moatads.com https://pxlclnmdecom-a.akamaihd.net https://*.doubleclick.net https://*.arcademics.com https://*.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googletagservices.com https://www.gstatic.com https://z.moatads.com; style-src 'self' 'unsafe-inline' https://vjs.zencdn.net/7.11.4/video-js.css https://cdnjs.cloudflare.com/ajax/libs/videojs-contrib-ads/6.7.0/videojs.ads.css https://cdnjs.cloudflare.com/ajax/libs/videojs-ima/1.10.1/videojs.ima.css https://d33wubrfki0l68.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com; report-uri https://www.ixl.com/actions/csp/report-abcya; report-to csp-endpoint; 1 default-src 'self';script-src 'self' 'unsafe-eval' https://*.intercomcdn.com https://*.googletagmanager.com https://www.google-analytics.com https://*.atlassian.com https://*.jquery.com https://www.gstatic.com https://www.google.com https://js.stripe.com https://meet.jit.si https://*.newrelic.com https://ajax.googleapis.com https://og-frontend-static.eu-central-1.staging.public.atl-paas.net https://og-frontend-static.us-west-1.staging.public.atl-paas.net https://og-frontend-static.us-west-2.staging.public.atl-paas.net https://*.launchdarkly.com https://api-private.stg.atlassian.com https://bam.nr-data.net 'sha256-N6H1UNp6u4dhUx+FZUQMMcXz17KIEWQw+ZVCPp4d3Zo=' 'sha256-qyYeb40S0YW7zrzwvSX5SEThkjXxwfWSwDp+FlCY0ic=' 'sha256-ZMCyrJrkz95Pmv4GzcpT7uihWvUib4x2CFIKGfMsuYU=' 'sha256-ffGUIypjdVM8v7ybOzYmI52fKI8S9IVsUI1OqyrUw8Q=' 'sha256-EDjjBs94Stex4ZGklOCuTsCzORfBdkIlIxFLsvwqje0=' 'sha256-4qVpzn2Bx0qK9KtIsF/n3VVomtjXD/qPqKpKFNRrMWY=';connect-src 'self' https://*.sentry.io https://*.googletagmanager.com https://*.atlassian.com https://api.segment.io https://stats.g.doubleclick.net https://*.atlassian.com https://api.segment.io https://stats.g.doubleclick.net https://og-frontend-static.eu-central-1.staging.public.atl-paas.net https://*.launchdarkly.com https://api-private.stg.atlassian.com https://bam.nr-data.net https://og-postmortem-lab-oregon.s3.us-west-2.amazonaws.com/ https://og-postmortem-lab-oregon.s3.us-west-1.amazonaws.com/ https://og-postmortem-lab-oregon.s3.eu-central-1.amazonaws.com/ https://www.google-analytics.com https://*.intercom.io https://*.intercomcdn.com wss://*.intercom.io;style-src 'self' 'unsafe-inline' https://og-frontend-static.eu-central-1.staging.public.atl-paas.net https://og-frontend-static.us-west-1.staging.public.atl-paas.net https://og-frontend-static.us-west-2.staging.public.atl-paas.net data:;frame-src 'self' https://*.atlassian.com https://*.opsgenie.com https://js.stripe.com https://app.opsgeni.us https://reporting.opsgeni.us/;img-src 'self' data: https://og-frontend-static.eu-central-1.staging.public.atl-paas.net https://og-frontend-static.us-west-1.staging.public.atl-paas.net https://og-frontend-static.us-west-2.staging.public.atl-paas.net https://www.google.com https://www.google.com.tr https://resources.opsgeni.us/resources/images/ https://www.google.cv https://q.quora.com https://www.google.co.il https://www.google.co.in;font-src 'self' https://fonts.gstatic.com https://og-frontend-static.eu-central-1.staging.public.atl-paas.net https://og-frontend-static.us-west-1.staging.public.atl-paas.net https://og-frontend-static.us-west-2.staging.public.atl-paas.net data:;prefetch-src 'self' https://og-frontend-static.eu-central-1.staging.public.atl-paas.net https://og-frontend-static.us-west-1.staging.public.atl-paas.net https://og-frontend-static.us-west-2.staging.public.atl-paas.net;report-uri https://web-security-reports.services.atlassian.com/csp-report/opsgenie-prod-us-violations;frame-ancestors 'self' 1 default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-gnlpNCC2oX2aoZKSgu3fhg=='; style-src 'self' www.gstatic.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://csp-reporter.publishing.service.gov.uk/report 1 script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.heapanalytics.com *.2mdn.net *.33across.com *.acexchange.co.kr *.ad-generation.jp *.adagio.io *.addthis.com *.addthisedge.com *.adform.com *.adiiix.com *.adingo.jp *.admanmedia.com *.admixer.com *.admixer.net *.adtech.com *.adtiming.com *.advangelists.com *.advertising.com *.adyoulike.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.amxrtb.com *.aniview.com *.aol.com *.appnexus.com *.aps.amazon.com *.aralego.com *.avantisvideo.com *.axonix.com *.beachfront.com *.behave.com *.betweendigital.com *.bidmachine.io *.bidstreammedia.com *.bidtellect.com *.bing.com *.blis.com *.braintreegateway.com *.brid.tv *.brightcove.com *.brightcove.net *.chocolateplatform.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.consumable.com *.contextweb.com *.conversantmedia.com *.crazyegg.com *.criteo.com *.criteo.net *.districtm.io *.doubleclick.net *.doubleverify.com *.e-planning.net *.e-volution.ai *.emxdgt.com *.engagebdr.com *.eskimi.com *.exponential.com *.facebook.com *.facebook.net *.fastclick.net *.freewheel.tv *.google-analytics.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.id5-sync.com *.improvedigital.com *.indexexchange.com *.infolinks.com *.inmobi.com *.inskinmedia.com *.instagram.com *.insticator.com *.jquery.com *.kargo.com *.launchdarkly.com *.lemmatechnologies.com *.lijit.com *.lkqd.com *.lkqd.net *.logan.ai *.loopme.com *.marketo.net *.media.net *.mediago.io *.mediatradecraft.com *.moatads.com *.mobfox.com *.mobileadtrading.com *.my.com *.my6sense.com *.narrativ.com *.nativo.com *.newrelic.com *.nr-data.net *.ogury.com *.onetag.com *.openexchangerates.org *.openx.com *.outbrain.com *.playbuzz.com *.pokkt.com *.prodooh.com *.proper.io *.pubmatic.com *.pubnative.net *.px-cdn.net *.quantcount.com *.quantserve.com *.realself.com *.revcontent.com *.rhythmone.com *.richaudience.com *.risecodes.com *.rlcdn.com *.rsdev.co *.rubiconproject.com *.s-onetag.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartyads.com *.snapengage.com *.somoaudience.com *.sonobi.com *.sovrn.com *.speedcurve.com *.spotx.tv *.spotxchange.com *.springserve.com *.ssp.e-volution.ai *.ssp.logan.ai *.stackadapt.com *.synacor.com *.target.my.com *.teads.tv *.telaria.com *.themediagrid.com *.tremorhub.com *.tribalfusion.com *.triplelift.com *.typekit.net *.ucfunnel.com *.undertone.com *.unrulymedia.com *.vdopia.com *.velismedia.com *.verve.com *.video.unrulymedia.com *.vidoomy.com *.yahoo.com *.yieldmo.com *.zencdn.net btloader.com openexchangerates.org blob:; worker-src 'self' blob:; frame-ancestors *; form-action *; report-uri https://api.realself.com/v1/rs-csp-sc/csp-info; report-to security-report 1 default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: 'unsafe-inline'; report-uri https://investorplace.com/wp-content/plugins/mixed-content-logging/report-uri/mcl-uri.php 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-e844b0edddbc19dac931173d2d593c1d' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 frame-ancestors 'self' https://www.bing.com https://www.google.at https://www.google.de https://*.search.yahoo.com; report-uri https://www.rolex.com/csp-reports/?req_id=51a361f3 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: web-writer.us.smartlook.cloud seoab.io druidbotservice.prod.druidprod.a-kmtkmg.net t.paypal.com authentication.cardinalcommerce.com adservice.google.com *.opendns.com *.snapchat.com api.paydock.com unpkg.com survey.survicate.com kmartau.mo.cloudinary.net c.oracleinfinity.io bat.bing.com embed.salefinder.co.nz www.google.fr staticw2.yotpo.com cdn.honey.io *.googlesyndication.com *.optimizely.com p.yotpo.com www.google.nr region1.google-analytics.com *.doubleclick.net *.pinterest.com mycardsecure.com widget.paydock.com *.trendmicro.com *.kmart.com.au web-writer.eu.smartlook.cloud www.gstatic.com bam.nr-data.net web-sdk.smartlook.com *.tealiumiq.com *.facebook.com *.tiktok.com ssl.google-analytics.com api-cdn.yotpo.com webservice.salefinder.com.au www.google.com tags.tiqcdn.com www.paypal.com js-agent.newrelic.com www.google.com.pg assets.queue-it.net shopping.qantas.com maps.gstatic.com surveys-static.survicate.com translate.google.com www.google-analytics.com embed.salefinder.com.au druidapi.prod.druidprod.a-kmtkmg.net databridge.tdbtrk.com www.google.co.th yotpo-stool.s3.amazonaws.com www.google.co.in cdn.truefitcorp.com www.youtube.com www.google.com.sg analytics.google.com dc.oracleinfinity.io www.google.co.id *.googleapis.com cdn-yotpo-images-production.yotpo.com *.mastercard.com *.facebook.net www.google.com.vn www.google.com.au ac.cnstrc.com www.googletagmanager.com web-writer.sg.smartlook.cloud cdn.megabonus.com www.google.lk static.queue-it.net *.flashtalking.com salefinder.com.au respondent.survicate.com www.google.co.uk at.alicdn.com druidapc.prod.druidprod.a-kmtkmg.net *.googleadservices.com sc-static.net www.rsa3dsauth.co.uk *.pinimg.com www.google.co.jp cnstrc.com apis.google.com fonts.gstatic.com www.google.com.fj kma-cdn.truefitcorp.com www.google.co.nz www.google.com.my 50.xg4ken.com cloud.shopback.com assets-proxy.smartlook.cloud consumer.truefitcorp.com *.cloudfront.net *.custhelp.com cdn-quick-ar.threedy.ai www.google.es www.google.com.ph zip-co-media.s3.ap-southeast-2.amazonaws.com www.paypalobjects.com quick-ar.threedy.ai manager.eu.smartlook.cloud use.typekit.net secure5.arcot.com www.google.ca www.google.com.hk i.ytimg.com www.google.com.pk images.ctfassets.net; form-action mycardsecure.com www.rsa3dsauth.co.uk widget.paydock.com api.paydock.com secure7.arcot.com *.kmart.com.au *.pinterest.com *.facebook.com *.snapchat.com authentication.cardinalcommerce.com; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-lw2ZNGsmgBJ25w0vFXJpXQ=='; style-src 'self' www.gstatic.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://csp-reporter.publishing.service.gov.uk/report 1 script-src 'strict-dynamic' 'nonce-vGscjn8J/d5+0aRFqHaAmQ=='; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-NwbIt9rUu1HEPrqJDc523w=='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/googleorg 1 default-src 'self'; frame-ancestors 'self'; form-action 'self'; img-src 'self' img.youtube.com https:; object-src 'none'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' blueconic.net *.blueconic.net siteimproveanalytics.io *.siteimproveanalytics.io siteimproveanalytics.com *.siteimproveanalytics.com googleadservices.com *.googleadservices.com google.com *.google.com youtube.com *.youtube.com wwu.edu *.wwu.edu technolutions.net *.technolutions.net tableau.com *.tableau.com googleusercontent.com *.googleusercontent.com vimeocdn.com *.vimeocdn.com windows.net *.windows.net github.io *.github.io googletagmanager.com *.googletagmanager.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net; report-uri https://www.wwu.edu/report-uri/reportOnly 1 default-src 'self' *.fabfitfun.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fabfitfun.com *.recurly.com *.amazonaws.com *.ada.support www.dwin1.com *.google-analytics.com *.doubleclick.net www.googleadservices.com www.googletagmanager.com *.hcaptcha.com hcaptcha.com *.exitintel.com *.facebook.net *.facebook.com *.tiktok.com *.cookielaw.org *.segment.com *.tvsquared.com *.onetrust.com *.adsrvr.org sc-static.net *.zdassets.com *.crrnt.app *.pixlee.com *.roeyecdn.com *.amplitude.com *.bing.com *.googleapis.com *.exitintel.com *.jsdelivr.net *.datadoghq-browser-agent.com *.gladly.com *.braintreegateway.com *.paypal.com *.cloudflare.com *.hotjar.com *.clarity.ms accessibilityserver.org *.userway.org *.tryamped.com *.pinimg.com *.ads-twitter.com blob:; style-src * 'unsafe-inline' data: blob:; connect-src *; frame-src *; img-src * 'unsafe-inline' data: blob:; font-src * 'unsafe-inline' data: blob:; media-src 'self' *.zdassets.com; object-src 'none'; 1 default-src 'self' sante.fr attente.sante.fr *.gouv.fr *.dmcdn.net *.synapse-medicine.com *.twitter.com *.twimg.com *.xiti.com *.data.gouv *.rogervoice.com *.googleapis.com *.mapbox.com *.cloudflareinsights.com *.googletagmanager.com api-adresse.data.gouv.fr *.google.com vitemadose.gitlab.io *.dailymotion.com *.youtube.com *.soundcloud.com; script-src 'self' sante.fr attente.sante.fr *.gouv.fr *.dmcdn.net *.synapse-medicine.com *.twitter.com *.twimg.com *.xiti.com *.data.gouv *.rogervoice.com *.googleapis.com *.mapbox.com *.cloudflareinsights.com *.googletagmanager.com api-adresse.data.gouv.fr *.google.com vitemadose.gitlab.io *.dailymotion.com *.youtube.com *.soundcloud.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' sante.fr attente.sante.fr *.gouv.fr *.dmcdn.net *.synapse-medicine.com *.twitter.com *.twimg.com *.xiti.com *.data.gouv *.rogervoice.com *.googleapis.com *.mapbox.com *.cloudflareinsights.com *.googletagmanager.com api-adresse.data.gouv.fr *.google.com vitemadose.gitlab.io *.dailymotion.com *.youtube.com *.soundcloud.com unpkg.com cdnjs.cloudflare.com 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src 'self' sante.fr attente.sante.fr *.gouv.fr *.dmcdn.net *.synapse-medicine.com *.twitter.com *.twimg.com *.xiti.com *.data.gouv *.rogervoice.com *.googleapis.com *.mapbox.com *.cloudflareinsights.com *.googletagmanager.com api-adresse.data.gouv.fr *.google.com vitemadose.gitlab.io *.dailymotion.com *.youtube.com *.soundcloud.com *.c-napps.com fonts.gstatic.com fonts.bunny.net data:; report-uri /report-csp-violation 1 form-action *.facebook.com *.vagaro.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: region1.google-analytics.com px.mountain.com *.rackcdn.com *.windows.net wss://printer-relay.zsterm.io:8002 *.adsrvr.org www.google.co.uk ashelppagesearch.azurewebsites.net ut.rd.linksynergy.com p.typekit.net idsync.rlcdn.com data.adxcel-ec2.com wss://relay.zsterm.io:9003 tags.rd.linksynergy.com www.gstatic.com cdn.livechatinc.com portal.zenswipe.com use1.fptls.com api.amplitude.com secure.livechatinc.com wss://printer-relay.zsterm.io:8001 cdn.linkedin.oribi.io bat.bing.com wss://printer-relay.zsterm.io:8009 api.livechatinc.com wss://relay.zsterm.io:9002 track.hubspot.com js.bankpay.certegy.com 734-zhx-160.mktoresp.com *.azureedge.net gator.stripe.com *.sentry.io www.google.com *.doubleclick.net *.googleapis.com assets.website-files.com api.ipify.org wss://printer-relay.zsterm.io:8004 www.google.com.pa use.typekit.net www.google.ca redirect.prod.experiment.routing.cloudfront.aws.a2z.com js.hs-banner.com wss://relay.zsterm.io:9005 *.facebook.com cdn.livechat-files.com *.taboola.com calendly.com www.google-analytics.com stackpath.bootstrapcdn.com js.stripe.com *.vagaro.com wss://printer-relay.zsterm.io:8003 snap.licdn.com www.google.com.au wss://relay.zsterm.io:9004 tsdtocl.com www.google.com.pr *.pinimg.com ekr.zdassets.com www.google.co.in *.pinterest.com wss://printer-relay.zsterm.io:8006 static2.sharepointonline.com www.youtube.com *.linkedin.com cdn.scaleflex.it wss://relay.zsterm.io:9007 dx.mountain.com analytics.google.com www.googletagmanager.com maps.gstatic.com fjfpnmdkhkfn.statuspage.io dc.services.visualstudio.com ka-p.fontawesome.com wss://printer-relay.zsterm.io:8005 kit.fontawesome.com cdn.jsdelivr.net *.zendesk.com wss://relay.zsterm.io:9006 svc.webspellchecker.net tag.rmp.rakuten.com fonts.gstatic.com certify.alexametrics.com use1.fptls2.com *.facebook.net fpnpmcdn.net cdn.amplitude.com wss://printer-relay.zsterm.io:8008 gs.mountain.com wss://relay.zsterm.io:9001 wss://relay.zsterm.io appleid.cdn-apple.com use1.fptls3.com wss://relay.zsterm.io:9009 static.zdassets.com wss://printer-relay.zsterm.io *.fbcdn.net consent.linksynergy.com wss://printer-relay.zsterm.io:8007 adservice.google.com h.parrable.com code.jquery.com polyfill.io js.hs-analytics.net wss://relay.zsterm.io:9008 js.hs-scripts.com certify-js.alexametrics.com; frame-ancestors 'self' ; report-uri /csp_report 1 default-src https: wss: data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.dba.dk/api/csplogger/mixedcontent/dba 1 block-all-mixed-content; style-src 'self' 'unsafe-inline' *.uni-wuerzburg.de www.google.com; img-src 'self' data: *.uni-wuerzburg.de *.gstatic.com *.google.com www.googleapis.com; object-src 'self' *.uni-wuerzburg.de; frame-src 'self' *.uni-wuerzburg.de *.youtube-nocookie.com cse.google.com; frame-ancestors 'self' *.uni-wuerzburg.de; base-uri 'self' www.uni-wuerzburg.de; form-action 'self' *.bibliothek.uni-wuerzburg.de www.uni-wuerzburg.de; media-src 'self' data: *.uni-wuerzburg.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.uni-wuerzburg.de *.google.com; report-uri https://www2.uni-wuerzburg.de/rz/csp-report-uri/ 1 default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri ; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com *.adyenpayments.com * *.live-video.net; form-action 'self'; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com *; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-9f8e0abd4fb39f21d9fedfa72443b244' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; report-uri /_/_/csp_report/?reportonly , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com *.adyenpayments.com * 'report-sample'; worker-src 'self' blob: 'unsafe-inline' *; report-uri /_/_/csp_report/?reportonly 1 default-src 'none'; connect-src 'self' data: *; font-src 'self' https://fonts.gstatic.com; img-src 'self' * data: blob: 'unsafe-inline'; media-src 'self' * data: blob: 'unsafe-inline'; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-rrOq74NHUtQDWokSRjPmFrdH'; style-src 'self' 'unsafe-inline' *; report-uri /marketplace/api/csp-report 1 default-src 'self' *.twimg.com *.vimeo.com www.youtube.com *.cdninstagram.com; connect-src 'self' *.facebook.com www.google-analytics.com; script-src 'self' *.facebook.com *.facebook.net www.googletagmanager.com *.google-analytics.com *.netdna-ssl.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.typekit.net *.netdna-ssl.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: *.facebook.com s.w.org secure.gravatar.com *.twimg.com *.google-analytics.com *.cdninstagram.com *.netdna-ssl.com; font-src data: 'self' fonts.gstatic.com use.typekit.net *.netdna-ssl.com; frame-src www.facebook.com player.vimeo.com www.youtube.com; report-uri https://browser-listener-10c8e3692d0a.cloudapps.digital/csp-reports; report-to csp-endpoint 1 default-src 'self' *.openjdk.java.net feedburner.google.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' feeds.feedburner.com *.statcounter.com statcounter.com; img-src 'self' data: *.statcounter.com *.openjdk.java.net feedburner.google.com; frame-ancestors 'none'; report-uri https://openjdk.report-uri.io/r/default/csp/reportOnly 1 base-uri 'self'; frame-src 'self' data: https://codesandbox.io https://1-17-1-sandpack.codesandbox.io/ https://embed.diagrams.net https://www.grokkingpython.com https://www.paypalobjects.com https://googleads.g.doubleclick.net https://pay.google.com https://bid.g.doubleclick.net https://accounts.google.com https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://vimeo.com https://player.vimeo.com *.hotjar.com *.hotjar.io https://www.google.com/recaptcha/ https://assets.braintreegateway.com https://*.paypal.com https://*.cardinalcommerce.com https://tpc.googlesyndication.com https://*.educative.run https://js.educative.io https://sandpack.educative.io; object-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cardinalcommerce.com https://track.linksynergy.com https://ws.zoominfo.com https://tags.rd.linksynergy.com https://services.xg4ken.com https://grow.clearbitjs.com https://q.quora.com https://public.profitwell.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://js.hs-scripts.com https://tag.rmp.rakuten.com https://a.quora.com https://js.hsadspixel.net https://js.hs-banner.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hs-analytics.net https://www.googletagmanager.com https://*.google.com https://*.google-analytics.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://connect.facebook.net https://twitter.com https://*.twitter.com https://*.ads-twitter.com https://snap.licdn.com https://player.vimeo.com https://www.gstatic.com https://www.dwin1.com https://px.ads.linkedin.com https://www.linkedin.com https://educative.activehosted.com https://*.youtube.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://s.ytimg.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://tpc.googlesyndication.com https://code.jquery.com/jquery-3.1.1.slim.min.js https://cdnjs.cloudflare.com/ajax/libs/babel-core/5.8.23/browser.js https://d3rxaij56vjege.cloudfront.net/form-serialize/0.3/serialize.min.js; worker-src 'self'; report-uri https://www.educative.io/report/csp 1 default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=A2I9A3Q2GNFNGQ:sid=259-8592697-3283439:rid=JSR7TWVSHMNX71BJD7B3:sn=www.audible.co.uk 1 form-action www.smythstoys.com *.facebook.com *.bazaarvoice.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: adservice.google.com *.doubleclick.net *.bazaarvoice.com webapp.woosmap.com *.online-metrix.net www.usemaxserver.de pouch-global-font-assets.s3.eu-central-1.amazonaws.com api.geevisit.com www.google.se fonts.gstatic.com region1.analytics.google.com *.googleapis.com www.gstatic.com www.capitalkoala.com www.smythstoys.com media.flixfacts.com cdnjs.cloudflare.com www.youtube.com *.hotjar.com *.facebook.com api.autoaddress.ie media.flixcar.com www.google-analytics.com images.woosmap.com tiger-runner.zoovu.com widgets.trustedshops.com www.google.com.ph event.webcollage.net www.google.ro www.google.nl webapp-conf.woosmap.com wchat.freshchat.com www.google.ch content.syndigo.com www.googletagmanager.com www.google.at event.syndigo.cloud 396468268852172.eu.webpush.freshchat.com api.trustedshops.com *.youtube-nocookie.com wchat.eu.freshchat.com analytics.google.com eu.klarnaevt.com euc-widget.freshworks.com region1.google-analytics.com tiger-cdn.zoovu.com *.facebook.net maps.gstatic.com smyths-ce.circulator.com availability.loadbee.com image.smythstoys.com 4pgv9quzck.execute-api.eu-west-1.amazonaws.com www.google.fr api.woosmap.com www.google.ie www.google.co.il www.google.de cdn.loadbee.com www.google.hu www.myhermes.co.uk widget.mondialrelay.com trustbadge.api.etrusted.com recs.richrelevance.com scontent.webcollage.net syndi.webcollage.net www.google.pl www.recaptcha.net api-abtesting.flix360.io www.google.com www.google.co.uk i.ytimg.com snippets.freshchat.com vc.hotjar.io prod.flixgvid.flix360.io api.geetest.com www.google.vg content.webcollage.net js.stripe.com sdk.woosmap.com; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-QJjkvh/fCrwPXsAmDJos5Q=='; style-src 'self' www.gstatic.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://csp-reporter.publishing.service.gov.uk/report 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.blogher.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ai.asapp.com *.wistia.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com snap.licdn.com munchkin.marketo.net static.ads-twitter.com googleads.g.doubleclick.net www.google.com analytics.twitter.com app-sj32.marketo.com src.litix.io www.googleanalytics.com www.googleoptimize.com optimize.google.com unpkg.com scout-cdn.salesloft.com cdn.segment.com; style-src 'self' 'unsafe-inline' ai.asapp.com pro.fontawesome.com fonts.googleapis.com app-sj32.marketo.com optimize.google.com; font-src 'self' data: pro.fontawesome.com fonts.googleapis.com fonts.gstatic.com; img-src 'self' https: data: www.google-analytics.com www.googletagmanager.com optimize.google.com; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; connect-src 'self' ai.asapp.com www.google-analytics.com stats.g.doubleclick.net *.wistia.com embedwistia-a.akamaihd.net *.mktoresp.com *.mktoutil.com *.litix.io *.lever.co scout.salesloft.com cdn.segment.com api.segment.io; frame-src ai.asapp.com bid.g.doubleclick.net app-sj32.marketo.com fast.wistia.com www.googletagmanager.com optimize.google.com youtube.com www.youtube.com; object-src embedwistia-a.akamaihd.net embed-fastly.wistia.com; worker-src blob:; frame-ancestors 'self' asapp.northpass.com; report-uri https://asapp.report-uri.com/r/d/csp/reportOnly 1 form-action geo.cardinalcommerce.com *.salesforceliveagent.com deviceauth.moneygram.com *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleadservices.com adservice.google.com *.doubleclick.net www.tp88trk.com webv2cmsprod.aws.moneygram.com *.sitescout.com *.force.com www.redditstatic.com *.googleapis.com tr.silverpush.co fonts.gstatic.com consent.trustarc.com c0.adalyser.com flask.nextdoor.com cdnjs.cloudflare.com events-moneygram.gomoxie.solutions *.quantummetric.com *.facebook.com www.google.fr banner.appsflyer.com impressions.onelink.me deviceauth.moneygram.com *.salesforceliveagent.com centinelapi.cardinalcommerce.com k-us1.az.contentsquare.net www.google.es www.google.com.ph events.smct.co clickmeter.com six.cdn-net.com *.googlesyndication.com sp.analytics.yahoo.com hosted.where2getit.com q-us1.az.contentsquare.net b.clarity.ms js.smct.co moneygram.pxf.io tags.rd.linksynergy.com www.google.it f.clarity.ms i.clarity.ms h.clarity.ms k.clarity.ms consumerapi.moneygram.com www.google.com.jm asset.gomoxie.solutions pix.pub sc-static.net js.smct.io www.google.ci s.yimg.com geo.cardinalcommerce.com www.google.com *.snapchat.com bat.bing.com l.clarity.ms www.google.com.au cdn.appsflyer.com config1.veinteractive.com digitalfeedback.us.confirmit.com *.facebook.net moneygram-intl.ingeniuxondemand.com global.moneygram.com www.google.com.pk www.woopra.com c.clarity.ms www.google.com.ng l.contentsquare.net kg668dbov0.execute-api.us-east-1.amazonaws.com smct.co www.google.ca *.wlp-acs.com cdn.honey.io utt.impactcdn.com alb.reddit.com www.gstatic.com www.google.co.in up.pixel.ad maps.gstatic.com www.google.de c.az.contentsquare.net nkys7k94ig.execute-api.us-east-2.amazonaws.com creatives-cdn.appsflyer.com songbird.cardinalcommerce.com wa.appsflyer.com t.contentsquare.net websdk.appsflyer.com api.onfido.com includes.ccdc02.com location.gomoxie.solutions www.googletagmanager.com d.turn.com www.google-analytics.com www.ojrq.net wa.onelink.me ads.nextdoor.com www.google.com.mx firehose.eu-west-1.amazonaws.com; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.twitter.com www.google-analytics.com framework-gb.cdn.gob.mx fecdn.user1st.info bam.nr-data.net cdnjs.cloudflare.com *.imss.gob.mx maps.google.com *.facebook.com www.youtube.com *.facebook.net www.google.com fonts.gstatic.com translate.google.com ssl.google-analytics.com maps.gstatic.com *.googleapis.com *.doubleclick.net js-agent.newrelic.com code.jquery.com; form-action *.imss.gob.mx; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://tags.srv.stackadapt.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.googleoptimize.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.stackadapt.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1 connect-src 'self' *.bazaarvoice.com *.clarity.ms *.crazyegg.com *.demdex.net *.doubleclick.net *.forter.com *.googleapis.com *.perimeterx.net *.px-cdn.net *.px-client.net *.px-cloud.net *.pxchk.net *.taboola.com *.totalwine.com *.tt.omtrdc.net 1637314617.rsc.cdn77.org adservice.google.com analytics.twitter.com assets.adobedtm.com bam.nr-data.net bat.bing.com c.az.contentsquare.net cdn.cookielaw.org cms.totalwine.bloomreach.cloud ct.pinterest.com d.adroll.com d2o5idwacg3gyw.cloudfront.net geolocation.onetrust.com in.visitors.live ipapi.co k-us1.az.contentsquare.net l.contentsquare.net meetlookup.com pagead2.googlesyndication.com privacyportal.onetrust.com properties q-us1.az.contentsquare.net recs.richrelevance.com schema.milestoneinternet.com settings.luckyorange.net siteintercept.qualtrics.com t.co trail.grin.co us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net utq.vvipquan.com vimeo.com wss://cdn0.forter.com wss://in.visitors.live wss://visitors.live www.cloudflare.com www.facebook.com www.google-analytics.com www.google.com www.googletagmanager.com www.instagram.com www.paypal.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bazaarvoice.com *.clarity.ms *.forter.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.ibosscloud.com *.microsofttranslator.com *.perimeterx.net *.totalwine.siteintercept.qualtrics.com 1.safecdn01.com 172.22.43.24:15871 3001.scriptcdn.net aa.agkn.com about activitymap.adobe.com amplify.outbrain.com analytics-static.ugc.bazaarvoice.com analytics.twitter.com api.datasteam.io apis.murdoog.com appslinker.net ascend.pepperjam.com assets.acdn.no assets.adobedtm.com assets.photo-ac.com auctioneer.50million.club bam-cell.nr-data.net bam.nr-data.net bat.bing-int.com bat.bing.com biglinksrc.cool blipznchitzcom-a.akamaihd.net blob: bpb.opendns.com brounelink.com c.paypal.com c2op6nqb.micpn.com captcha.px-cdn.net cdn.bitkeep.vip cdn.brcdn.com cdn.cookielaw.org cdn.cqxcbb.cn cdn.credithub.com.br cdn.datasteam.io cdn.jsdelivr.net cdn.mathjax.org cdn.optitc.com cdn.pdst.fm cdn.segment.com cdn.tt.omtrdc.net cdn.walkme.com cdncache-a.akamaihd.net cdnjs.cloudflare.com cilkonlay.com client.px-cloud.net clipsold.com cms.totalwine.bloomreach.cloud code-origin.murdoog.com components.pearl.com connect.facebook.net conoret.com container.pepperjam.com core.conversant.mgr.consensu.org d.adroll.com d.la1-c2-ia4.salesforceliveagent.com d.la1-c2-ia5.salesforceliveagent.com d213nytzlt2v5a.cloudfront.net d31b6i309j1ui2.cloudfront.net d35u1vg1q28b3w.cloudfront.net d38xvr37kwwhcm.cloudfront.net dakotaram.com data display.ugc.bazaarvoice.com docs.paymentjs.firstdata.com donewrork.org embed.tawk.to f5rrzo.x9m86.com f5smf2.svn0czn.com floatingplayer.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net gc.kis.v2.scr.kaspersky-labs.com geolocation.onetrust.com googleads.g.doubleclick.net hublosk.com i0gj.su3e5.com inter.gamerplaynetwork.com js-agent.newrelic.com js.adsrvr.org jullyambery.net lisegreen.biz login-ds.dotomi.com manzanasjuegosco-a.akamaihd.net mpsnare.iesnare.com mstat.acestream.net nickletto.com ongc4tnp.d2sri.com pilaff-up.ru player.vimeo.com q3y57.ap6ktv.com qdatasales.com relatedgamesnet-a.akamaihd.net rialto-gms.s3.amazonaws.com s.adroll.com s.cmptch.com s.pinimg.com s.pmddby.com s3.amazonaws.com schema.milestoneinternet.com script.crazyegg.com secure.mycouponsmartmac.com secure.myshopcouponmac.com secure.myshopmatemac.com secure.quantserve.com secure.shoptimizelymac.com securitycheck.womans.org service.securesrv12.com shopstorys.com singtraff.cool siteintercept.qualtrics.com skillapp.net static.ads-twitter.com static.contextall.com static.lightning.force.com static.regsvcs.theknot.com static.tacdn.com static.zdassets.com stonly.com subwayclanscom-a.akamaihd.net sysfileff.com t.contentsquare.net teddytor.abtasty.com test.micpn.com threatprotection.nordvpn.com toolbox.static.eu.context.cloud.sap totalwine-sites.secure.force.com totalwine.my.salesforce.com totalwine.widget.custhelp.com tpc.googlesyndication.com tr.outbrain.com tracksmall.com try.abtasty.com twitter.com ucads-cdn.ucweb.com unpkg.com utq.vvipquan.com w8o39.m70vee7.com worksrc.cool wsv3cdn.audioeye.com www.googleadservices.com www.myregistry.com www.pagespeed-mod.com www.paypal.com www.paypalobjects.com www.todyl.com www.totalwine.com www.upsellit.com www.youtube.com zne8jbwf0djz2vvnd-totalwine.siteintercept.qualtrics.com zswpmanager.wip.mmc.com; report-uri https://csp.px-cloud.net/report?report=1&id=95f6ebb749f8d2db637a2a421410a81e&app_id=PXFF0j69T5 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 frame-ancestors 'self' http://*.oriflame.com https://*.oriflame.com http://*.online.ori https://*.online.ori http://*.ori.local https://*.ori.local http://*.oriflame.cc https://*.oriflame.cc http://*.oriflame.ru https://*.oriflame.ru http://*.oriflame.cn https://*.oriflame.cn; report-uri /CspReport?policyRequestId=b466ef0c815d9891 1 report-uri https://endpoint2.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV3VOE24ov0vchYgO3uoxKHdePxnKoFiICkeq1Vt2reRBEg4zYmpS2XL1UJS-0Ova9gUiV2PUH3EvuXcIOdrBPvAUgkIP-ZRbRMryNUY6YGqAQ== ; block-all-mixed-content ; default-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.live ; script-src 'report-sample' 'self' 'unsafe-eval' https://*.videoask.com https://*.videoask.live 'unsafe-inline' https://js.stripe.com https://www.dropbox.com https://*.calendly.com https://*.oncehub.com https://cdn.amplitude.com https://cdn.cookielaw.org https://cdn.rollbar.com https://cdn.segment.com https://connect.facebook.net https://fast.wistia.com https://script.crazyegg.com https://snap.licdn.com https://snippet.growsumo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://cdn.optimizely.com https://js.partnerstack.com https://edge.fullstory.com ; base-uri 'report-sample' 'self' ; img-src 'report-sample' 'self' data: blob: android-webview-video-poster: https: ; media-src 'report-sample' 'self' blob: data: https: ; connect-src 'report-sample' 'self' blob: https://*.videoask.com https://*.videoask.live wss://*.videoask.live wss://*.videoask.com https://videoask-media-dev.s3-accelerate.amazonaws.com https://videoask-media-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3-accelerate.amazonaws.com https://videoask-uploads-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3.amazonaws.com https://videoask-uploads-prod.s3.amazonaws.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.launchdarkly.com https://*.pexels.com https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.rollbar.com https://api.segment.io https://api.amplitude.com https://*.g.doubleclick.net https://www.google-analytics.com https://*.crazyegg.com https://p.adsymptotic.com https://www.facebook.com https://track.segmetrics.io https://*.google.com https://rs.fulls