Values for content-security-policy-report-only:
default-src 'self' www.google.com www.gstatic.com img6.wsimg.com *.secureserver.net collect.tealiumiq.com *.akamaihd.net c.go-mpulse.net *.akstat.io www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googletagmanager.com *.godaddy.com data:;font-src * data: blob:;style-src 'self' 'unsafe-inline' img6.wsimg.com www.gstatic.com;script-src * data: blob: 'unsafe-inline' 'unsafe-eval';img-src * data: blob:;connect-src * data: blob:;frame-src * data: blob:;report-uri /forsale/api/csp-reports 361
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 165
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 136
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport 89
default-src https: 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; img-src 'self' data: *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com assets.digital.cabinet-office.gov.uk lux.speedcurve.com; script-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.gstatic.com www.signin.service.gov.uk *.ytimg.com www.youtube.com www.youtube-nocookie.com hmrc-uk.digital.nuance.com 'unsafe-inline'; style-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.gstatic.com 'unsafe-inline'; font-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk data:; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.tax.service.gov.uk hmrc-uk.digital.nuance.com gov.klick2contact.com www.signin.service.gov.uk lux.speedcurve.com; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production 73
default-src https: blob:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data: blob:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport/reportHttp 72
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 29
27
report-uri https://content-api.canon-europe.com/cspreport/webapp/; script-src 'nonce-2726c7f26c' 'self' 'unsafe-eval' 'unsafe-inline' blob: visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com wtbevents.pricespider.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com tags.tiqcdn.com locate.pricespider.com api.bazaarvoice.com app.optimizely.com players.brightcove.net c.evidon.com ds-aksb-a.akamaihd.net apps.nexus.bazaarvoice.com i1.adis.ws check.pricespider.com st.smartassistant.com cdncache-a.akamaihd.net cdn.pricespider.com admin.brightcove.com cdnjs.cloudflare.com connect.facebook.net apps.bazaarvoice.com canon.smartassistant.com app.gatedcontent.com www.youtube.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com cdn3.optimizely.com cdn.optimizely.com sadmin.brightcove.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com turbo.qualaroo.com script.crazyegg.com www.buzzsprout.com snap.licdn.com s3.amazonaws.com s1.adis.ws www.google.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com network.bazaarvoice.com cdnssl.clicktale.net img.en25.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com connect.facebook.net bat.bing.com s.pinimg.com www.googleadservices.com sc-static.net analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com myunidays.com 25
default-src https: data: 'unsafe-inline' 'unsafe-eval' 25
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 22
report-uri https://imkryiyepi.execute-api.eu-west-1.amazonaws.com/production/; default-src https: 'unsafe-inline' 'unsafe-eval'; script-src-elem script-src-elem https://www.googletagservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://securepubads.g.doubleclick.net https://adservice.google.co.uk https://adservice.google.com https://tpc.googlesyndication.com 'unsafe-inline' 'self'; script-src https: https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 21
default-src 'self' 20
default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' * data:; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservices.com https://mktg-apac.s3-ap-southeast-1.amazonaws.com https://s3-ap-northeast-1.amazonaws.com/aws-china-media/ https://www.buzzsprout.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a0.awsstatic.com https://amazonwebservicesinc.tt.omtrdc.net https://googleads.g.doubleclick.net https://static.doubleclick.net https://website.spot.ec2.aws.a2z.com https://www.google.com https://www.gstatic.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/; style-src 'self' 'unsafe-inline' https://a0.awsstatic.com; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit 19
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 17
report-uri /report-csp-violation 16
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 15
frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 15
default-src 'self'; connect-src 'self' https://*.intentmedia.net https://*.etraveligroup.net https://*.doubleclick.net https://*.adform.net https://www.google-analytics.com https://widgets.hotels.com https://bat.bing.com https://etgrs2.com https://*.akstat.io https://*.go-mpulse.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.etraveli.com https://*.etraveligroup.com https://*.cdn-net.com https://bat.bing.com https://www.googletagmanager.com https://connect.facebook.net https://adtr.io https://*.bidr.io https://tag.yieldoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.intentmedia.net https://*.adform.net https://*.mouseflow.com https://*.nrich.ai https://*.doubleclick.net https://*.eancdn.com https://*.bidswitch.net https://green.erne.co https://*.rentalcars.com https://widget.trustpilot.com https://www.googleadservices.com https://cdn.klarna.com https://maps.googleapis.com https://widget.getyourguide.com https://widgets.hotels.com https://*.klarnacdn.net https://*.go-mpulse.net; style-src 'self' 'unsafe-inline' data: blob: https://widgets.hotels.com https://fonts.googleapis.com; img-src 'self' data: https://*.etraveli.com https://*.visualwebsiteoptimizer.com https://*.bidswitch.net https://*.doubleclick.net https://*.nrich.ai https://*.hybrid.ai https://*.w55c.net https://*.adsrvr.org https://*.rlcdn.com https://*.bidr.io https://*.seadform.net https://green.erne.co https://tag.yieldoptimizer.com https://dpm.demdex.net https://*.adform.net https://*.zemanta.com https://beacon.krxd.net https://sd.turn.com https://*.google-analytics.com https://maps.googleapis.com https://tag.adaraanalytics.com https://www.facebook.com https://widgets.hotels.com https://bat.bing.com https://www.google.com https://www.google.se https://maps.gstatic.com https://www.googletagmanager.com https://*.akstat.io; font-src 'self' https://fonts.gstatic.com https://widgets.hotels.com; frame-ancestors 'self'; frame-src 'self' https://*.cdn-net.com https://*.cdn.intentmedia.net https://www.facebook.com https://widget.getyourguide.com https://system.etrack1.com https://widgets.hotels.com https://secure.rentalcars.com https://widget.trustpilot.com; object-src 'self' https://*.cdn-net.com 14
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline'; frame-ancestors 'self'; img-src https: data: ; object-src 'none' ; report-uri https://sentry.uniregistry.com/api/18/security/?sentry_key=f430f663325b402bbc96cb5da277ab92 ; 13
font-src 'self' https: data:; report-uri https://o98504.ingest.sentry.io/api/5871000/security/?sentry_key=7d320f4323694d468bd1a75eba48d37f&sentry_environment=production 13
frame-ancestors 'self'; report-uri /beacon/csp.php 12
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com wss://*.qualified.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=cmscache 11
default-src https: 'unsafe-inline' 'unsafe-eval' 11
report-uri https://www.rbb-online.de/app/tpso-cspr/cspr/;frame-ancestors 'self' https://www.rbb24.de https://*.rbb-online.de https://www.radioeins.de https://www.fritz.de https://www.antennebrandenburg.de https://www.inforadio.de https://www.rbb888.de; 11
base-uri 'self'; frame-src https:; object-src 'none';	 worker-src 'self';	 default-src 'self' https://*.googlesyndication.com; img-src 'self' data: http: https:; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.usercentrics.eu https://api.personio.de/recruiting/applicant ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/?reportOnly=true 11
default-src 'self' blob:; style-src 'self' 'unsafe-inline' https://assets1.freshteam.com https://www.google.com https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://themes.googleusercontent.com https://wcdn.3cx.com https://wstatic.3cx.com https://d20hvw4zeymqbm.cloudfront.net https://cdn.materialdesignicons.com; font-src 'self' https://wcdn.3cx.com https://fonts.googleapis.com https://fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wcdn.3cx.com https://wstatic.3cx.com https://cse.google.com https://snap.licdn.com  https://www.googletagmanager.com https://d20hvw4zeymqbm.cloudfront.net https://assets1.freshteam.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com  https://login.3cx.com https://www.redditstatic.com https://www.google-analytics.com https://ct.capterra.com tpc.googlesyndication.com pagead2.googlesyndication.com https://ssl.geoplugin.net https://services.3cx.com https://ajax.googleapis.com https://connect.facebook.net https://maps.googleapis.com www.gstatic.com;object-src 'none';img-src * data: blob:; media-src * data: blob:; connect-src 'self' https://wcdn.3cx.com https://cdn.3cx.com https://3cx-talent.freshteam.com https://yoast.com https://my.yoast.com https://wstatic.3cx.com https://webapi.3cx.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net sipcy.3cx.com www.facebook.com translate.googleapis.com;child-src 'self' https://www.youtube.com blob:; frame-ancestors 'self'; frame-src 'self' https://3cx.com https://www.google.com https://www.youtube-nocookie.com/  https://cse.google.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://www.googletagmanager.com; block-all-mixed-content; report-uri /csp/; 11
default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net; font-src 'self' *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-uri /rest/trackers/csp; 10
script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 10
frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com 'sha256-0GmZYAqaqzetS+w1EyLdzTxUer98JQtlleth+bhMzm4=' 'sha256-h4kRXx7uh9BDCM48lIeC8OTw0+lUQIlD+u3Rsxo8ixg='; report-uri https://sentry.brandsight.com/api/25/security/?sentry_key=d2a6cc459b0c48dd91884e7063bbddb4 10
default-src 'self' data: https://fonts.gstatic.com/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  img-src 'self' data: https://pixel.consentric.de/ https://c1.adform.net/ https://t23.intelliad.de/ https://t.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://deutschepostag1.d3.sc.omtrdc.net/ https://deutschepostwpmdpagprod2.112.2o7.net/ https://deutschepostpostidprod.112.2o7.net / https://deutschepostag.112.2o7.net/ https://www.gstatic.com/ https://cdn.cookielaw.org/ https://www.facebook.com/ https://www.google.com/ https://t.leadlab.click/ https://insight.adsrvr.org/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://cdn.cookielaw.org/ https://assets.adobedtm.com/ https://maps.google.com/ https://maps.googleapis.com/ https://cookie-cdn.cookiepro.com/ https://geolocation.onetrust.com/ https://www.bing.com/ https://t.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://dev.virtualearth.net/ https://service.force.com/ https://d.la1-c1-fra.salesforceliveagent.com/ https://d.la3-c2-fra.salesforceliveagent.com/ https://d.la1-c1cs-fra.salesforceliveagent.com/ https://meinservice.my.salesforce.com/ https://www.google.com/ https://www.gstatic.com/ https://meinservice-dhl-sites.secure.force.com/ https://static.heidelpay.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://cdn.tt.omtrdc.net/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  style-src 'self' 'unsafe-inline' https://meinservice.my.salesforce.com/ https://service.force.com/ https://www.bing.com/ https://meinservice-dhl-sites.secure.force.com/ https://cdn.tt.omtrdc.net/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  frame-src 'self' https://www.youtube.com/ https://meinservice.my.salesforce.com/ https://service.force.com/ https://www.google.com/ https://payment.heidelpay.com/ https://assets.adobedtm.com/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  connect-src 'self' https://cdn.cookielaw.org/ https://assets.adobedtm.com/ https://dpcomepost.tt.omtrdc.net/ https://privacyportal-de.onetrust.com/ https://t.leadlab.click/ https://www.bing.com/ https://meinservice--rqa.my.salesforce.com/ https://deutschepostag1.d3.sc.omtrdc.net/ https://meinservice-dhl-sites.secure.force.com/ https://pixel.consentric.de/ https://meinservice.my.salesforce.com/ https://client-analytics.braintreegateway.com/ https://api.braintreegateway.com/ https://payments.braintree-api.com/ https://depst-salaut-prod1.pegacloud.net/ https://payment.heidelpay.com/ https://api.heidelpay.com/ https://www.google-analytics.com/ https://insight.adsrvr.org/ https://*.dhl.de/ https://*.dhl.de/ https://*.dhl.com/ https://dpm.demdex.net/ https://*.paypal.com/ https://dpcomepost.tt.omtrdc.net/;  report-uri /bin/csp/report 9
script-src 'report-sample' 'unsafe-inline' https: http:;report-uri /_/PlayStoreUi/cspreport 9
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 9
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 9
connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src https: blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 8
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/ 8
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 8
font-src data: *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com *.adyen.com www.google.com www.xtento.com www.youtube.com www.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net app-wallee.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net app-wallee.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com www.google-analytics.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com app-wallee.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.adyen.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live *.taboola.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 8
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 8
block-all-mixed-content; report-uri https://dmgm.report-uri.com/r/t/csp/reportOnly 7
frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 7
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /opt/csp-violation-report.php 7
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' android-webview-video-poster: https://*.sky.com https://accdn.lpsnmedia.net https://*.liveperson.net https://lpcdn.lpsnmedia.net https://ad.doubleclick.net https://analytics.twitter.com https://assets.adobedtm.com https://bat.bing.com https://cdn3.nowinteract.com https://*.clicktale.net https://*.tvsquared.com https://connect.facebook.net https://imp3.nowinteract.com https://pagead2.googlesyndication.com https://s2.go-mpulse.net https://secure.quantserve.com https://siteintercept.qualtrics.com https://sky.15gifts.com https://sky.local.15gifts.com https://sky.staging.15gifts.com https://skyroi.15gifts.com https://smct.co https://track.uniqodo.com https://web-chat.global.assistant.watson.appdomain.cloud https://www.dwin1.com https://www.google-analytics.com https://www.googletagmanager.com https://zn9p0t5h28cnixixn-skyuk.siteintercept.qualtrics.com https://static.ads-twitter.com https://staging-liveperson-dtm.herokuapp.com https://cdn.tt.omtrdc.net https://bskyb.demdex.net https://dpm.demdex.net https://*.cloudfront.net https://ssl.google-analytics.com https://ecustomeropinions.com https://universal.iperceptions.com https://sd.iperceptions.com https://britishskybroadcasti.tt.omtrdc.net https://cti.w55c.net https://fls.doubleclick.net https://platform.twitter.com https://www.awin1.com https://s0.2mdn.net https://www.zenaps.com https://www.google.ie https://data1.ablapol.com  https://www.facebook.com https://smetrics.sky.com https://www.google.com https://www.google.co.uk https://static.skyassets.com https://*.optimizely.com https://cdn.spatialbuzz.com https://googleads4.g.doubleclick.net https://cdn.privacy-mgmt.com https://proxy.video.sky.com; style-src 'self' 'unsafe-inline' https://www.sky.com https://assets.sky.com https://static.skyassets.com https://stage.static.skyassets.com https://staging-assets.sky.com https://sky.15gifts.com https://sky.local.15gifts.com https://sky.staging.15gifts.com https://skyroi.15gifts.com https://s0.2mdn.net https://www.gstatic.com https://*.liveperson.net https://www.facebook.com https://ad.doubleclick.net https://assets.adobedtm.com https://www.google-analytics.com https://accdn.lpsnmedia.net; font-src 'self' data: https://assets.sky.com https://fonts.gstatic.com https://static.skyassets.com https://stage.static.skyassets.com https://use.typekit.net https://sky.15gifts.com; img-src 'self' data: android-webview-video-poster: https://www.sky.com https://ad.doubleclick.net https://*.doubleclick.net https://assets.sky.com https://bat.bing.com https://*.clicktale.net https://*.optimizely.com https://*.tvsquared.com https://dpm.demdex.net https://idstatus.sky.com https://*.online-metrix.net https://siteintercept.qualtrics.com https://sky.15gifts.com https://sky.local.15gifts.com https://sky.staging.15gifts.com https://skyroi.15gifts.com https://static.skyassets.com https://stage.static.skyassets.com https://t.co https://tracking.audio.thisisdax.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://adservice.google.com https://adservice.google.co.uk https://adservice.google.ie https://*.atdmt.com https://*.cloudfront.net https://live.staticflickr.com https://search.sky.com http://search.sky.com https://smetrics.sky.com https://tags.w55c.net https://staging-assets.sky.com https://www.googletagmanager.com https://images.metadata.sky.com https://assets.contentstack.io https://images.contentstack.io https://secure.sky.com https://skyidapp.sky.com https://lpcdn.lpsnmedia.net https://s0.2mdn.net https://www.zenaps.com https://www.google.ie https://connect.facebook.net https://engagement.uniqodo.com https://*.liveperson.net https://www.gstatic.com https://zn9p0t5h28cnixixn-skyuk.siteintercept.qualtrics.com https://cdn.15gifts.com https://www.awin1.com https://analytics.twitter.com https://proxy.video.sky.com https://cdn.spatialbuzz.com https://assets.adobedtm.com https://accdn.lpsnmedia.net https://googleads4.g.doubleclick.net https://cdn.privacy-mgmt.com; connect-src 'self' android-webview-video-poster: https://www.sky.com https://analytics.faw.sky.com https://api.amplitude.com https://assets.sky.com https://bat.bing.com https://*.bf.dynatrace.com https://britishskybroadcasti.tt.omtrdc.net https://*.clicktale.net https://*.optimizely.com https://cdn.privacy-mgmt.com https://dpm.demdex.net https://googleads4.g.doubleclick.net https://idstatus.sky.com https://integrations.eu-de.assistant.watson.appdomain.cloud https://messaging-authenticator.cf.sky.com https://notifications-api.cf.sky.com https://pages-apps.cf.sky.com https://siteintercept.qualtrics.com https://sky.15gifts.com https://sky.local.15gifts.com https://sky.staging.15gifts.com https://skyroi.15gifts.com https://skyport.sky.com https://smetrics.sky.com https://static.skyassets.com https://stage.static.skyassets.com https://stats.g.doubleclick.net https://vip.timezonedb.com https://web-chat.global.assistant.watson.appdomain.cloud https://webengage.sky.com https://www.google-analytics.com https://sky-search-api.cf.sky.com https://api.amplitude.com https://*.go-mpulse.net https://*.akstat.io https://datalayer-microservice.cf.sky.com https://api.iperceptions.com https://store-locator-api.cf.sky.com https://stark.cf.sky.com wss://stark.cf.sky.com https://*.stage-paas.bskyb.com https://*.stage-cf.sky.com https://skyidapp.sky.com https://www.facebook.com https://availability.advisor.sky.com https://www.zenaps.com https://adservice.google.com https://s0.2mdn.net https://assets.contentstack.io https://images.contentstack.io https://secure.sky.com https://help-search-api-stage.herokuapp.com wss://*.msg.liveperson.net https://lpcdn.lpsnmedia.net https://www.google.ie https://ad.doubleclick.net https://cdn.spatialbuzz.com https://prod-my-photo-api.herokuapp.com https://track.uniqodo.com https://connect.facebook.net https://engagement.uniqodo.com https://agg.oogway.sky.com https://www.gstatic.com https://www.google.com https://www.google.co.uk https://zn9p0t5h28cnixixn-skyuk.siteintercept.qualtrics.com https://*.liveperson.net https://pages-apps-customer-hub.cf.sky.com https://assets.adobedtm.com https://accdn.lpsnmedia.net; frame-src 'self' blob: https://www.sky.com https://pay.sky.com https://*.fls.doubleclick.net https://*.optimizely.com https://bskyb.demdex.net https://dpm.demdex.net https://*.online-metrix.net https://idstatus.sky.com https://lpcdn.lpsnmedia.net https://skyuk.fra1.qualtrics.com https://www.facebook.com https://cdn.privacy-mgmt.com https://universal.iperceptions.com https://www.google.com https://skyforbusiness.sky.com https://skyforbusiness-np.sky.com https://fls.doubleclick.net https://*.clicktale.net https://analytics.global.sky.com https://ad.doubleclick.net https://www.google.ie https://s0.2mdn.net https://www.zenaps.com https://connect.facebook.net https://*.liveperson.net https://sky.15gifts.com https://skyroi.15gifts.com https://www.google-analytics.com https://www.google.co.uk https://static.skyassets.com https://analytics.twitter.com https://cdn.spatialbuzz.com https://advisor.sky.com https://assets.adobedtm.com https://accdn.lpsnmedia.net https://googleads4.g.doubleclick.net https://siteintercept.qualtrics.com https://smetrics.sky.com; worker-src 'self' blob:; child-src 'self' blob:; media-src 'self' https://static.skyassets.com https://stage.static.skyassets.com https://static.video.sky.com http://static.video.sky.com https://assets.contentstack.io https://skyidapp.sky.com https://lpcdn.lpsnmedia.net https://ad.doubleclick.net https://www.google.ie https://*.clicktale.net https://*.liveperson.net https://www.facebook.com https://www.google.com https://proxy.video.sky.com https://bat.bing.com https://dpm.demdex.net https://assets.adobedtm.com https://accdn.lpsnmedia.net https://sky.15gifts.com; 7
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 7
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 7
default-src 'unsafe-inline' 'unsafe-eval' https: wss: blob: ms-appx-web: data:; report-uri /report-violation 7
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/marketing_platform 6
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 6
default-src 'self' *.sixflags.com *.laronde.com *.sixflags.com.mx 'unsafe-inline' 'unsafe-eval' data: blob: *.wistia.net *.wistia.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss:// acsbapp.com *.acsbapp.com cdn.acsbapp.com *.convertexperiments.com *.evgnet.com sc-static.net *.cloudflare.com *.cloudflareinsights.com *.cloudflareaccess.com *.googletagmanager.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.googlesyndication.com *.safeframe.googlesyndication.com www.googletagservices.com *.googleapis.com *.doubleclick.net *.g.doubleclick.net googleads.g.doubleclick.net *.fls.doubleclick.net *.google.com *.google.ca www.google.ca *.google.com.mx www.google.com.mx *.gstatic.com ups.analytics.yahoo.com bat.bing.com sixflags.us-4.evergage.com www.facebook.com *.facebook.net *.pardot.com *.akamaihd.net *.snapchat.com *.twitter.com *.livechatinc.com *.qualaroo.com js.adsrvr.org *.pbbl.co aa.agkn.com *.amgdgt.com dpm.demdex.net pixel.advertising.com www.youtube.com *.youtube.com *.ytimg.com *.freshdesk.com *.queue-it.net *.litix.io ;report-uri https://2850d87804f5002588a978dd8512ca22.report-uri.com/r/d/csp/wizard; 6
default-src https: 'unsafe-inline' data: 6
default-src 'self' https://*.avrotros.org https://*.avrotros.nl https://www.google-analytics.com https://avrotros.blueconic.net https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://kmnl.tns-nipo.com;font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';  media-src *; frame-src *; 6
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 6
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor default-src 'self' 'unsafe-inline' www.shelterlogic.com stage.shelterlogic.com *.cloudmaestro.com h.online-metrix.net bat.bing.com ajax.googleapis.com api.hubapi.com *.zopim.com cdn.cookielaw.org bid.g.doubleclick.net connect.facebook.net d.adroll.com s.adroll.com fonts.googleapis.com fonts.gstatic.com forms.hsforms.com geolocation.onetrust.com js-hs.analytics.com js.hsadspixel.net js.hsforms.net js.hscollectedforms.net seal-ct.bbb.org secure.quantserve.com track.hubspot.com www.facebook.com 6
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.google.com js.klevu.com www.gstatic.com *.cloudmaestro.com www.googleadservices.com googleads.g.doubleclick.net 6
default-src https:; connect-src https:; font-src https: data:; child-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: data:; report-uri https://18d36df5be4d2f0680090c55b489865d.report-uri.com/r/d/csp/reportOnly 6
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: https: blob: android-webview-video-poster: android-webview: chrome-extension: moz-extension: ms-browser-extension: about: 5
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; connect-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: https://sentry.eff.org/api/2/store/; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 5
default-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: https: www.google.com tags.tiqcdn.com secure.insightexpressai.com browser-update.org *.newrelic.com *.nr-data.net api.swiftype.com onqblog.disqus.com a.disquscdn.com platform.twitter.com snapdragonblog.disqus.com 3642644.fls.doubleclick.net 'sha256-/3jsvuZODfJI1Eg99StI7HtPfGc1mT2ElQZ8nHDbQbM='; object-src https://metrics.brightcove.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: www.qualcomm.com pt-corpmktg.qualcomm.com qualcomm.sc.omtrdc.net sb.scorecardresearch.com metrics.brightcove.com *.nr-data.net analytics.twitter.com t.co controller.4seeresults.com events.foreseeresults.com insight.adsrvr.org; media-src 'self' blob: https: secure.brightcove.com; frame-src 'self' https: www.youtube.com disqus.com 3642644.fls.doubleclick.net www.juicer.io; font-src 'self' data: https: vjs.zencdn.net; connect-src 'self' https: *.nr-data.net links.services.disqus.com; report-uri /admin/config/system/seckit/csp-report 5
frame-ancestors 'self'; report-uri /stf/reportiframe 5
img-src 'self' data: *; report-uri https://www.arcgames.com/en/report/enforce; 5
default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com *.mopinion.com; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com *.mopinion.com; img-src http: https: data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com *.mopinion.com; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com; font-src 'self' *.mopinion.com fonts.gstatic.com data:; connect-src *.mopinion.com; report-uri /report-csp-violation; upgrade-insecure-requests 5
script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com *.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 5
default-src 'self' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' *.assurance.com 5
default-src https: wss: 5
default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * 5
script-src 'self' 5
font-src *.fontawesome.com *.tawk.to fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.tawk.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://hps.github.io https://api2.heartlandportico.com *.tawk.to *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://hps.github.io https://api2.heartlandportico.com *.facebook.com *.tawk.to cdn.jsdelivr.net *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://hps.github.io https://api2.heartlandportico.com *.googletagmanager.com *.facebook.net *.avada.io *.tawk.to cdn.jsdelivr.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com fonts.googleapis.com cdn.jsdelivr.net tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.google-analytics.com *.tawk.to wss://*.tawk.to https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 5
font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.vimeo.com *.texdecor.test *.texdecor.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.texdecor.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.instagram.com *.texdecor.test *.texdecor.com *.fact-finder.fr www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 5
default-src *.adlooxtracking.com *.adsafeprotected.com *.doubleverify.com *.googlesyndication.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.roxot-panel.com *.serving-sys.com *.vk.com adservice.google.com adservice.google.ru an.yandex.ru cdn.ampproject.org cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru static.criteo.net vk.com yandex.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; connect-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.roxot-panel.com *.serving-sys.com *.vk.com ads.betweendigital.com an.yandex.ru cdn.consentmanager.mgr.consensu.org cdn.jsdelivr.net consentmanager.mgr.consensu.org csi.gstatic.com ib.adnxs.com jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru pagead2.googlesyndication.com pb.adriver.ru prebid-bidder.rutarget.ru prebid-eu.creativecdn.com px.adhigh.net securepubads.g.doubleclick.net ssp.hybrid.ai ssp.otm-r.com static.criteo.net strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.vk.com *.yandex.net coub-anubis-a.akamaized.net data: mail.ru ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.criteo.com *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.mail.ru *.mradx.net *.ok.ru *.vk.com *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru mc.yandex.by mc.yandex.com mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru tpc.googlesyndication.com vk.com www.google.com yandexadexchange.net yastat.net yastatic.net; report-uri https://cspreport.mail.ru/splash?v=29.06.21; 4
default-src 'self' https: wss: data: blob: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 4
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::APROD_2_13_X 4
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam-cell.nr-data.net/1/5360c08ecf https://browser-update.org/update.min.js https://cdn.botframework.com/botframework-webchat/latest/webchat-es5.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://hello.myfonts.net/count/3786f2 https://js-agent.newrelic.com/nr-1209.min.js https://siteimproveanalytics.com/js/siteanalyze_637444.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://*.twimg.com https://*.twitter.com https://*.googleapis.com https://polyfill.io https://unpkg.com https://georgiagov.atlassian.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cloud.typenetwork.com https://*.twimg.com https://*.twitter.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://*.googleapis.com; img-src 'self' blob: data: https:; connect-src 'self' 'unsafe-inline' https://bam-cell.nr-data.net https://directline.botframework.com https://stats.g.doubleclick.net https://trunk.georgia.gov https://www.google-analytics.com wss://directline.botframework.com; report-uri /report-csp-violation 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; report-uri /error/js; img-src 'self' https: data:; 4
child-src js.driftt.com platform.twitter.com play.vidyard.com syndication.twitter.com www.youtube.com w.soundcloud.com embed.podcasts.apple.com 8450953.fls.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net; connect-src 'self' 565-bdo-100.mktoresp.com 565-bdo-100.mktoutil.com bam-cell.nr-data.net cdn.cookielaw.org cds.taboola.com p.typekit.net p1.parsely.com pages.marketintelligence.spglobal.com primer.typekit.net privacyportal.onetrust.com rtp-static.marketo.com trc-events.taboola.com use.typekit.net www.google-analytics.com code.jquery.com 838-ldp-483.mktoresp.com l.sharethis.com play.vidyard.com www.googletagmanager.com adservice.google.com stats.g.doubleclick.net cdn.plot.ly 583-tms-002.mktoresp.com media.spglobal.com 78b96a8e-458e-6638-1562-9c34cd7187e1.z1.dca0.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' app-sjqe.marketo.com bam-cell.nr-data.net cdn.cookielaw.org cdn.vidyard.com data: js-agent.newrelic.com marketing.spglobal.com p.typekit.net pi.pardot.com platform.linkedin.com platform.twitter.com play.vidyard.com searchg2-assets.crownpeak.net syndication.twitter.com use.typekit.net www.google-analytics.com www.googletagmanager.com 565-bdo-100.mktoresp.com abrtp1-cdn.marketo.com abrtp1.marketo.com cdn.parsely.com cdn.taboola.com geolocation.onetrust.com js.driftt.com p1.parsely.com rtp-static.marketo.com 'self' trc-events.taboola.com trc.taboola.com w.soundcloud.com www.facebook.com www.snl.com cdn.syndication.twimg.com embed.podcasts.apple.com munchkin.marketo.net pbs.twimg.com privacyportal.onetrust.com stats.g.doubleclick.net googleads.g.doubleclick.net; font-src 'self' use.typekit.net data: media.spglobal.com cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com use.fontawesome.com www.spglobal.com; form-action 'self' careers.spglobal.com platform.twitter.com syndication.twitter.com twitter.com feedburner.google.com login.spglobal.com openid.login.spglobal.com disclosure.spglobal.com www.spglobal.com platform.marketintelligence.spglobal.com; frame-src embed.podcasts.apple.com js.driftt.com platform.twitter.com play.vidyard.com syndication.twitter.com w.soundcloud.com www.youtube.com 'self' html5-player.libsyn.com twitter.com player.vimeo.com tableau.marketplace.spglobal.com www.googletagmanager.com 10404489.fls.doubleclick.net 8450953.fls.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net open.spotify.com optimize.google.com code.highcharts.com www.spglobal.com; img-src 'self' cdn.cookielaw.org cdn.vidyard.com cds.taboola.com data: p1.parsely.com pages.marketintelligence.spglobal.com platform.twitter.com play.vidyard.com spglobal.com syndication.twitter.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.snl.com pbs.twimg.com platform.mi.spglobal.com ton.twimg.com www.lcdcomps.com www.spglobal.com bam-cell.nr-data.net img.youtube.com sync.outbrain.com sync.taboola.com platform.midev.spglobal.com ratings.spglobal.com s3.amazonaws.com twitter.com www.indexologyblog.com www.linkedin.com login.spglobal.com media.spglobal.com www.googleadservices.com www.google.com cm.g.doubleclick.net googleads.g.doubleclick.net l.sharethis.com platform-cdn.sharethis.com assets.libsyn.com ssl-static.libsyn.com static.libsyn.com www.highyieldbond.com srv-2021-05-26-14.pixel.parsely.com srv-2021-05-26-15.pixel.parsely.com cdn.spgi.spglobal.com pixel.spotify.com platform.marketintelligence.spglobal.com platts.com www.cusip.com disclosure.spglobal.com investor.spglobal.com snl.com stage.www.spglobal.com www.trucost.com; media-src data: js.driftt.com 'self' cdn.vidyard.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' abrtp1-cdn.marketo.com abrtp1.marketo.com app-sjqe.marketo.com bam-cell.nr-data.net cdn.cookielaw.org cdn.parsely.com cdn.taboola.com cdnjs.cloudflare.com connect.facebook.net geolocation.onetrust.com js-agent.newrelic.com js.driftt.com marketing.spglobal.com munchkin.marketo.net pi.pardot.com platform.linkedin.com platform.twitter.com play.vidyard.com rtp-static.marketo.com searchg2-assets.crownpeak.net trc.taboola.com use.typekit.net w.soundcloud.com www.google-analytics.com www.googletagmanager.com cdn.syndication.twimg.com code.highcharts.com analytics.twitter.com www.youtube.com app-ab15.marketo.com platform-api.sharethis.com player.vimeo.com t.sharethis.com tableau.marketplace.spglobal.com www.google.com www.spindices.com buttons-config.sharethis.com login.spglobal.com use.fontawesome.com googleads.g.doubleclick.net www.googleadservices.com cdn.plot.ly spglobal.com srv-2021-05-26-15.pixel.parsely.com optimize.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' abrtp1-cdn.marketo.com abrtp1.marketo.com app-sjqe.marketo.com bam-cell.nr-data.net cdn.cookielaw.org cdn.parsely.com cdn.taboola.com connect.facebook.net geolocation.onetrust.com js-agent.newrelic.com js.driftt.com marketing.spglobal.com munchkin.marketo.net pages.marketintelligence.spglobal.com pi.pardot.com platform.linkedin.com platform.twitter.com play.vidyard.com rtp-static.marketo.com searchg2-assets.crownpeak.net trc.taboola.com w.soundcloud.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com plattsinfo.spglobal.com use.typekit.net www.youtube.com cdn.syndication.twimg.com cdnjs.cloudflare.com www.google.com analytics.twitter.com 565-bdo-100.mktoutil.com 325-kyl-599.mktoutil.com 838-ldp-483.mktoutil.com app-ab15.marketo.com code.highcharts.com login.spglobal.com ratings.spglobal.com tableau.marketplace.spglobal.com www.spindices.com 583-tms-002.mktoutil.com googleads.g.doubleclick.net cdn.plot.ly use.fontawesome.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com p.typekit.net platform.twitter.com rtp-static.marketo.com use.typekit.net ton.twimg.com app-ab15.marketo.com spglobal.com use.fontawesome.com optimize.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' platform.twitter.com rtp-static.marketo.com cdnjs.cloudflare.com p.typekit.net ton.twimg.com use.typekit.net app-ab15.marketo.com fonts.googleapis.com; frame-ancestors 'self'; worker-src www.spglobal.com; report-uri https://5017ae7b6342bc1727d66f6970134e09.report-uri.com/r/d/csp/reportOnly 4
default-src https: wss: 'self' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com nimbleswan.io static.tagboard.com; style-src 'self' https: 'unsafe-inline' *.mightycause.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com d2c6wt5h92c1t2.cloudfront.net da3a5jhrzfmu8.cloudfront.net api.autopilothq.com *.braintreegateway.com *.chatlio.com cdnjs.cloudflare.com *.doubleclick.net cdn.embedly.com *.facebook.net *.facebook.com *.firebaseio.com *.fontawesome.com *.formstack.com cdn.jsdelivr.net *.kaptcha.com *.maxmind.com *.plaid.com *.paypal.com *.paypalobjects.com *.segment.com *.segment.io *.stripe.com *.surveymonkey.com *.uploadcare.com ucarecdn.com *.youtube.com *.vimeo.com; img-src 'unsafe-eval' https: data: blob: mediastream:; media-src https: 'self' *.mightycause.com w.chatlio.com blob:; font-src https: data: 'self' *.mightycause.com *.gstatic.com cdn.embedly.com; manifest-src 'self' *.mightycause.com; report-uri https://mightycause.report-uri.com/r/d/csp/reportOnly 4
default-src 'self'; frame-ancestors 'self' *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de; frame-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de streaming.talk42.de app.datawrapper.de datawrapper.dwcdn.net 'self'; style-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://cdn.leafletjs.com/leaflet/v0.7.7/ https://cdnjs.cloudflare.com/ajax/libs/leaflet.markercluster/0.4.0/ 'unsafe-inline'; img-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de data: 'unsafe-inline'; script-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com/player/ https://www.youtube.com https://s.ytimg.com/yts/jsbin/ https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/ https://vjs.zencdn.net/5.9.2/ 'unsafe-inline'; font-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com data: 'self'; media-src *.bundesregierung.de 'self'; 4
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 4
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 4
connect-src 'self' *.fontawesome.com *.google-analytics.com *.visualwebsiteoptimizer.com cdn.cookielaw.org *.stackadapt.com *.doubleclick.net *.yimg.com; default-src 'self' pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com 'unsafe-inline' *.fontawesome.com *.visualwebsiteoptimizer.com cdn.cookielaw.org fonts.googleapis.com cdn.pushcrew.com; font-src 'self' *.fontawesome.com *.dataweavers.io fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self' burly.io *.burly.io *.youtube.com *.ytimg.com *.driftt.com *.adsrvr.org *.doubleclick.net *.google.com; img-src 'self' *.dataweavers.io data: pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com cdnjs.cloudflare.com *.visualwebsiteoptimizer.com *.google-analytics.com *.adsymptotic.com www.googletagmanager.com *.heartlandpaymentsystems.com *.linkedin.com *.bing.com t.co *.tribalfusion.com *.yahoo.com *.pushcrew.com pushcrew.com *.facebook.com *.google.com.au *.google.com; script-src 'self' 'unsafe-inline' *.fontawesome.com www.googletagmanager.com 'unsafe-eval' *.dataweavers.io cdn.pushcrew.com *.drifft.com *.visualwebsiteoptimizer.com bat.bing.com *.google.com tracking.g2crowd.com js.driftt.com gstatic.com google-analytics.com; script-src-elem 'self' *.google-analytics.com 'unsafe-inline' *.fontawesome.com *.visualwebsiteoptimizer.com cdn.cookielaw.org *.stackadapt.com pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com www.googletagmanager.com *.pushcrew.com burly.io *.burly.io *.adsrvr.org static.ads-twitter.com platform.twitter.com *.tribalfusion.com code.jquery.com *.doubleclick.net *.driftt.com *.dataweavers.io *.g2crowd.com *.gstatic.com *.licdn.com *.facebook.net *.yimg.com *.google.com bat.bing.com www.googleadservices.com *.twitter.com *.analytics.yahoo.com fonts.googleapis.com; style-src-elem 'self' *.stackadapt.com 'unsafe-inline' *.pushcrew.com *.dataweavers.io fonts.googleapis.com; worker-src 'self' blob:; 4
report-uri /_/csp-reports 4
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/verily 4
font-src *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.paypal.com www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.paypal.com www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.criteo.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.agkn.com *.pinterest.com *.paypal.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.cloudfront.net *.credomobile.com *.credo.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.facebook.net *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.criteo.com *.paypal.com *.newrelic.com *.nr-data.net www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com static.zdassets.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.shareasale.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.bootstrapcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.cloudfront.net *.credomobile.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net *.paypal.com www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.cloudfront.net *.credomobile.com *.credo.com *.taboola.com *.pinimg.com *.bing.com *.facebook.com *.fullstory.com *.liadm.com *.pdst.fm *.opmnstr.com *.criteo.net widget-mediator.zopim.com *.zopim.com *.cloudfunctions.net *.omappapi.com wss://widget-mediator.zopim.com *.paypal.com *.nr-data.net www.google-analytics.com www.google.com *.doubleclick.net *.gstatic.com *.pinterest.com *.trustedshops.com *.usercentrics.eu *.hotjar.com *.getletterpress.com *.zendesk.com *.zdassets.com/ credomobilesupport.zendesk.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.shareasale-analytics.com shareasale-analytics.com *.googletagmanager.com *.shareasale.com *.bootstrapcdn.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 4
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.hollywoodreporter.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 4
default-src 'self' *.optomaeurope.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.optomaeurope.com *.optoma.co code.jquery.com fast.fonts.net www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://unpkg.com *.unpkg.com secure.neck6bake.com https://youtube.com *.youtube.com youtube.com *.vimeo.com static.cloudflareinsights.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.storerocket.io api.mapbox.com *.jsdelivr.net cdn.polyfill.io https://cdnjs.cloudflare.com https://ldynamicspublicapi.leadforensics.com; object-src 'self'; style-src 'self' data: 'unsafe-inline' *.optomaeurope.com *.optoma.co https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' blob: data: *.optomaeurope.com *.optoma.co *.youtube.com *.ytimg.com *.vimeo.com www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.storerocket.io https://ssl.gstatic.com https://www.gstatic.com https://s3-us-west-2.amazonaws.com *.optoma.com; media-src 'self' *.optomaeurope.com; frame-src 'self' *.optomaeurope.com *.optoma.co *.youtube.com *.youtube-nocookie.com *.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; font-src 'self' *.optomaeurope.com *.optoma.co http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://fonts.gstatic.com data: ; connect-src 'self' *.optomaeurope.com https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://ldynamicspublicapi.leadforensics.com *.storerocket.io https://storerocket.io storerocket.global.ssl.fastly.net *.mapbox.com https://stats.g.doubleclick.net; report-uri https://c9f3e0efddb3b5a8f702c2632d2e3942.report-uri.com/r/d/csp/reportOnly 4
font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.typekit.net *.trustedshops.com oct8necdneu.azureedge.net blob: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.adyen.com www.google.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.hotjar.com www.googletagmanager.com *.googletagmanager.com connect.nosto.com *.nosto.com widgets.trustedshops.com static-eu.oct8ne.com js-agent.newrelic.com consent.trustarc.com r1-t.trackedlink.net static.hotjar.com vars.hotjar.com script.hotjar.com www.facebook.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net *.g.doubleclick.net cdn.ravenjs.com bam.eu01.nr-data.net tracker.twenga.es ajax.cloudflare.com *.google.com *.gstatic.com *.oct8ne.com www.youtube.com consent-pref.trustarc.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.trustedshops.com *.usercentrics.eu www.googletagmanager.com *.googletagmanager.com connect.nosto.com *.nosto.com widgets.trustedshops.com static-eu.oct8ne.com js-agent.newrelic.com consent.trustarc.com r1-t.trackedlink.net static.hotjar.com *.hotjar.com vars.hotjar.com script.hotjar.com www.facebook.com connect.facebook.net stats.g.doubleclick.net *.g.doubleclick.net cdn.ravenjs.com bam.eu01.nr-data.net tracker.twenga.es ajax.cloudflare.com www.google.com *.google.com *.gstatic.com cdn.buff.com *.oct8ne.com oct8necdneu.azureedge.net www.google.lv www.google.ac www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.as www.google.at www.google.com.au www.google.ba www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.cat www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.gd www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gp www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.co.in www.google.io www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.kg www.google.com.kh www.google.ki www.google.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.lt www.google.lu www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.mp www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.na www.google.com.nf www.google.com.ng www.google.com.ni www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.re www.google.ro www.google.rs www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tk www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.com.ua www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.com.vn www.google.vu www.google.ws www.google.co.za www.google.co.zm www.google.co.zw blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.cloudflare.com *.trustedshops.com *.usercentrics.eu www.googletagmanager.com *.googletagmanager.com connect.nosto.com *.nosto.com widgets.trustedshops.com static-eu.oct8ne.com js-agent.newrelic.com consent.trustarc.com r1-t.trackedlink.net static.hotjar.com *.hotjar.com vars.hotjar.com script.hotjar.com www.facebook.com connect.facebook.net stats.g.doubleclick.net *.g.doubleclick.net cdn.ravenjs.com bam.eu01.nr-data.net tracker.twenga.es ajax.cloudflare.com www.google.com *.google.com *.gstatic.com *.oct8ne.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://geoip-js.com *.cloudflare.com *.paypal.com https://cdn.klarna.com *.vimeocdn.com https://s.ytimg.com *.trustedshops.com *.usercentrics.eu www.googletagmanager.com *.googletagmanager.com connect.nosto.com *.nosto.com widgets.trustedshops.com static-eu.oct8ne.com js-agent.newrelic.com consent.trustarc.com r1-t.trackedlink.net static.hotjar.com *.hotjar.com vars.hotjar.com script.hotjar.com www.facebook.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net *.g.doubleclick.net cdn.ravenjs.com bam.eu01.nr-data.net tracker.twenga.es ajax.cloudflare.com www.google.com *.google.com *.gstatic.com cdn.buff.com *.oct8ne.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://axaxl.com https://eus-prd-f8372a898644-xp2-cd.azurewebsites.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://cf-images.us-east-1.prod.boltdns.net https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://id.rlcdn.com *.company-target.com https://company-target.com https://api.company-target.com *.demandbase.com https://demandbase.com https://tag.demandbase.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.fls.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.co.uk https://doubleclick.net https://bid.g.doubleclick.net https://match.prod.bidr.io *.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://vjs.zencdn.net *.newrelic.com *.nr-data.net https://bam.nr-data.net https://js-agent.newrelic.com *.brightcove.com  *.brightcove.net *.media.brightcove.net *.api.brightcove.net https://secure.brightcove.com https://brightcove.com https://players.brightcove.net https://metrics.brightcove.com f1.media.brightcove.com https://edge.api.brightcove.com https://p.adsymptotic.com *.adsymptotic.com *.newscred.com analytics.newscred.com pixel.newscred.com t.newscred.com https://analytics.newscred.com https://pixel.newscred.com https://t.newscred.com https://img04.en25.com; report-uri https://axaxl.com/cspviolation; report-to https://axaxl.com/cspviolation 4
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: https://www.gstatic.com https://fonts.gstatic.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.facebook.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; frame-ancestors https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com cdn.dnky.co youtube.com www.youtube.com *.hotjar.com https://www.google.com *.facebook.com *.trustpilot.com *.criteo.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.google.com www.google.nl data: connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com www.googletagmanager.com googletagmanager.com gallery.mailchimp.com amcglobal.sc.omtrdc.net cm.everesttech.net *.trustedshops.com www.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com google.com www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com https://www.google.com https://www.gstatic.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; object-src https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; media-src *.zopim.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; manifest-src https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedc.net api.comapi.com google-analytics.com www.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com dpm.demdex.net *.feedbackcompany.com amcglobal.sc.omtrdc.net *.zendesk.com *.nr-data.net www.clarity.ms *.facebook.com *.datatrics.com https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; child-src https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; default-src https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.level1.com https://www.conceptronic.net https://www.equip-info.net 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 4
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com embedwistia-a.akamaihd.net www.google-analytics.com vc.hotjar.io in.hotjar.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com form.123formbuilder.com go.altusgroup.com vars.hotjar.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: altusgroup.com fonts.googleapis.com www.altusgroup.com; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: embedwistia-a.akamaihd.net; form-action  www.altusgroup.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: embedwistia-a.akamaihd.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com altuscrm.agencypilot.com www.altusgroup.com www.google-analytics.com embedwistia-a.akamaihd.net maps.googleapis.com www.google.ca fast.wistia.com px.ads.linkedin.com www.google.com maps.gstatic.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com www.altusgroup.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fast.wistia.com static.hotjar.com www.google-analytics.com script.hotjar.com www.altusgroup.com cdnjs.cloudflare.com www.gstatic.com maps.googleapis.com go.altusgroup.com altusgroup.com www.googletagmanager.com pi.pardot.com snap.licdn.com static.addtoany.com; report-uri /csp_report 4
script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.moatads.com https://*.addthis.com https://*.doubleclick.net https://*.addthisedge.com https://*.newrelic.com https://*.nr-data.net https://*.googlevideo.com https://*.arcgis.com https://*.gov.uk https://*.facebook.com; frame-src 'self' https://*.addthis.com https://*.youtube.com https://www.googletagmanager.com https://*.arcgis.com; report-uri https://snhwebsite.report-uri.com/r/d/csp/reportOnly 4
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com static.curations.bazaarvoice.com 'unsafe-inline' data: *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.twitter.com s.amazon-adsystem.com *.youtube.com *.facebook.com *.fls.doubleclick.net insight.adsrvr.org *.filestackapi.com *.addthis.com flexfaceoffsweeps.azurewebsites.net match.adsrvr.org *.viewinyourspace.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.bazaarvoice.com *.google.com *.taboola.com *.facebook.com *.facebook.net *.hubspot.com *.hsforms.com r.turn.com *.adnxs.com pixel.mediaiqdigital.com *.gravatar.com *.youtube.com cscoreproweustor.blob.core.windows.net www.skil.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com *.filestackapi.com *.facebook.net *.crazyegg.com js.hs-scripts.com *.taboola.com js.adsrvr.org js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.googleapis.com geoip-js.com secure-ds.serving-sys.com *.adnxs.com bs.serving-sys.com *.viewinyourspace.com *.addthis.com *.addthisedge.com z.moatads.com cscoreproweustor.blob.core.windows.net flexfaceoffsweeps.azurewebsites.net js.monitor.azure.com edge.curalate.com ipinfo.io *.newrelic.com *.nr-data.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com cscoreproweustor.blob.core.windows.net cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src api.bazaarvoice.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.bazaarvoice.com *.crazyegg.com forms.hubspot.com api.channelsight.com *.google-analytics.com stats.g.doubleclick.net *.taboola.com secure-ds.serving-sys.com *.viewinyourspace.com chervon-website-api.herokuapp.com chervon-website-api-dev.herokuapp.com *.jotform.com dc.services.visualstudio.com *.addthis.com edge.curalate.com geoip-js.com *.hsforms.com *.nr-data.net *.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.pepperjamnetwork.com *.bounceexchange.com ids.cdnwidget.com *.dotdigital-pages.com *.dotdigital.com *.weltpixel.com *.yotpo.com *.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com store.paradoxlabs.com www.xtento.com cdn.xtento.com *.bounceexchange.com *.bouncex.net *.cdnwidget.com pippio.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.newrelic.com *.nr-data.net cdn.cookielaw.org *.google.com *.gstatic.com *.pepperjam.com www.xtento.com cdn.xtento.com *.segment.io *.segment.com *.bounceexchange.com *.wknd.ai *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.authorize.net *.maxmind.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com *.yotpo.com *.googleapis.com *.bounceexchange.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.nr-data.net cdn.cookielaw.org *.pepperjam.com *.segment.io *.segment.com *.bounceexchange.com *.wknd.ai *.bouncex.net *.cdnbasket.net *.cdnwidget.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.authorize.net *.mmapiws.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.addthis.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com https://cdn.klarna.com data: https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src https://*.online-metrix.net https://imgs.signifyd.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.google.com *.addthis.com *.paymetric.com *.hotjar.com *.doubleclick.net *.adsrvr.org *.cloudfront.net *.cloudflareinsights.com *.oraclecloud.com *.pur.com *.honeywellpluggedin.com *.vickshumidifiers.com *.stingerproducts.com *.febrezeairpurifiers.com *.oxo.com *.hottools.com vice-prod.sdiapi.com *.weltpixel.com www.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.google.com t.co *.custhelp.com *.rnengage.com *.facebook.com 'self' data: *.omtrdc.net *.trustarc.com *.pinterest.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.ads-twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com *.facebook.net widgets.pinterest.com *.hotjar.com *.doubleclick.net *.custhelp.com *.rnengage.com *.sdiapi.com *.rapidspike.com *.oraclecloud.com *.atgsvcs.com *.trustarc.com *.livelook.com *.newrelic.com *.nr-data.net *.pinimg.com *.sc-static.net www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.custhelp.com maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://imgs.signifyd.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.hotjar.io *.signifyd.com *.rapidspike.com *.oraclecloud.com *.sdiapi.com *.doubleclick.net *.atgsvcs.com *.nr-data.net *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.initial-website.com/app/reporting/policyviolation/submit 4
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.addthis.com *.pinterest.com *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com store.paradoxlabs.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.fraudlabspro.com *.authorize.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.maxmind.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.authorize.net *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com https://www.google-analytics.com *.mmapiws.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.gigya.com https://*.gigya.com https://consentcdn.cookiebot.com https://*.addthis.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.gigya.com 'unsafe-inline' data: https://*.gigya.com https://www.google.it https://bam.nr-data.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net js.braintreegateway.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net jquery.sellxed.com *.gigya.com https://cdnjs.cloudflare.com https://legals.paninigroup.com https://*.cookiebot.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.addthis.com https://*.facebook.com https://*.addthisedge.com https://*.moatads.com https://*.recaptcha.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.googleapis.com 'unsafe-inline' data: https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.google-analytics.com https://legals.paninigroup.com https://stats.g.doubleclick.net https://*.facebook.com https://bam.nr-data.net https://*.addthis.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 3
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 3
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl 3
report-uri /ab/csp/index; report-to csp-endpoint 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
default-src data: blob: https://*.fbcdn.net https://*.facebook.com *.fbsbx.com *.messenger.com;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.messenger.com connect.facebook.net;style-src data: blob: 'unsafe-inline' * *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.gstatic.com;img-src *.fbcdn.net https://*.facebook.com cdninstagram.com *.cdninstagram.com *.tenor.co *.giphy.com data: *.fbsbx.com *.messenger.com messenger.com;media-src *.fbsbx.com *.fbcdn.net *.messenger.com *.cdninstagram.com;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/;require-trusted-types-for 'script'; 3
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com wss://*.qualified.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=wufoocms 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://qualys.report-uri.com/r/d/csp/reportOnly 3
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.dow.com dow.6connex.com; report-uri /cxsite/csp-report/csp-report.html 3
default-src * data: blob:;worker-src 'self' blob:;script-src blob: 'unsafe-inline' https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/viewer/ https://cdn.ampproject.org/rtv/ https://www.googletagmanager.com/gtag/js https://playground.amp.dev/ https://preview.amp.dev/ https://go.amp.dev/ https://log.amp.dev/;object-src 'none';style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://playground.amp.dev/ https://preview.amp.dev/ https://go.amp.dev/ https://log.amp.dev/;report-uri /csp-report 3
frame-ancestors 'none'; report-uri /csp_logger/; 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
font-src https://www.google.com https://www.facebook.com https://magento.com https://www.gstatic.com https://connect.facebook.net https://consent.trustarc.com https://h.online-metrix.net *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://testsecureacceptance.cybersource.com/embedded/pay *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.facebook.com https://www.google.com https://www.youtube.com https://testsecureacceptance.cybersource.com https://tst.kaptcha.com/ https://web.facebook.com/ *.vbulletin.com *.internetbrands.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.vbulletin.com https://online.swagger.io https://ytimg.com https://i.ytimg.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.facebook.com https://magento.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://consent.trustarc.com https://h.online-metrix.net https://gdpr.internetbrands.com/ https://tst.kaptcha.com https://kaptcha.com *.vbulletin.com *.internetbrands.com 'unsafe-inline' data: *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src *.vbulletin.com *.internetbrands.com blob: 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com https://tst.kaptcha.com *.vbulletin.com *.internetbrands.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self' 3
block-all-mixed-content; default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:; frame-src 'self' https://www.youtube.com; img-src 'self' https://translate.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://i.ytimg.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com data:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com maps.google.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; report-uri https://www.nidirect.gov.uk/report-uri/reportOnly 3
script-src https://shopping.com https://*.shopping.com https://*.paypalobjects.com https://*.paypal.com https://www.google-analytics.com https://checkout.ebay.com 'unsafe-inline'; connect-src https://shopping.com https://*.shopping.com https://*.paypal.com; form-action https://shopping.com https://*.shopping.com; img-src https://shopping.com https://*.shopping.com https://*.paypal.com https://*.ebayimg.com https://*.cnnx.io https://www.paypalobjects.com data:; report-uri https://monitor.ebay.com/csp-report/shoppingdotcom 3
font-src data: *.gstatic.com *.force.com *.salesforceliveagent.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.datatrans.com *.force.com *.salesforceliveagent.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src https://*.online-metrix.net https://imgs.signifyd.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es secure.payu.com merch-prod.snd.payu.com *.youtube.com/ *.google.com *.doubleclick.net *.nativeroll.tv *.googlesyndication.com *.youtube-nocookie.com *.facebook.com *.affirm.com *.datatrans.com *.force.com *.salesforceliveagent.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es static.payu.com data: *.pinterest.com *.google.com *.google.fr *.facebook.com vk.com *.teads.tv *.akamaihd.net *.yandex.ru *.adsrvr.org *.g.doubleclick.net *.facebook.net *.steelhousemedia.com *.cloudfront.net *.mail.ru *.nativeroll.tv *.linkedin.com *.googleapis.com *.bing.com *.inside-graph.com *.google.ch *.signifyd.com *.gstatic.com *.googleadservices.com *.affirm.com *.force.com *.salesforceliveagent.com 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com test.authorize.net js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es jquery.sellxed.com secure.payu.com secure.snd.payu.com *.pinimg.com *.googletagmanager.com *.facebook.net *.teads.tv googleads.g.doubleclick.net *.google.com *.google.fr *.gstatic.com/ vk.com *.mail.ru *.yandex.ru *.nativeroll.tv *.scarabresearch.com *.cloudfront.net *.inside-graph.com *.steelhousemedia.com *.tiktok.com *.googleapis.com *.googlesyndication.com *.affirm.com *.licdn.com *.bing.com *.datatrans.com *.recaptcha.net *.force.com *.salesforceliveagent.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.inside-graph.com *.force.com *.salesforceliveagent.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es secure.payu.com merch-prod.snd.payu.com *.pinterest.com googleads.g.doubleclick.net stats.g.doubleclick.net *.google-analytics.com *.mail.ru *.yandex.ru *.scarabresearch.com *.tiktok.com *.lamoda.ru *.inside-graph.com wss://us2-live.inside-graph.com *.affirm.com *.force.com *.salesforceliveagent.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.tissotwatches.com/en-en/tissot_csp/report/; report-to report-endpoint; 3
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 3
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 3
default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io https://api.infinario.com;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data: https://px.ads.linkedin.com https://www.linkedin.com;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.sharethis.com *.sharethis.mgr.consensu.org geoip-db.com *.facebook.com *.connect.facebook.net *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.googleusercontent.com *.gravatar.com *.soundcloud.com 01.org *.youtube.com asciinema.org *.addtoany.com https://translate.googleapis.com; script-src 'self'  'unsafe-inline'  'unsafe-eval'  data:  blob:  *.connect.facebook.net/en_US/   https://stg.01.org/  https://code.jquery.com/  https://www.googletagmanager.com/  https://www.google-analytics.com/analytics.js  https://connect.facebook.net/en_US/  https://*.static.addtoany.com/menu/  https://static.addtoany.com/menu/page.js  https://static.addtoany.com/menu/locale/ https://static.addtoany.com/menu/svg/icons.29.svg.js  https://geoip-db.com/jsonp ; img-src 'self' data: blob: https://secure.gravatar.com/avatar/ https://software.intel.com/sites/ https://corpredirect.intel.com/ https://*.www.gstatic.com/images/ https://www.googletagmanager.com/ https://www.gstatic.com/images/branding/product/ http://1.bp.blogspot.com/ http://2.bp.blogspot.com/ http://3.bp.blogspot.com/ http://4.bp.blogspot.com/ https://asciinema.org/ https://img.youtube.com/vi/ https://www.google-analytics.com/collect https://lh3.googleusercontent.com/ https://lh4.googleusercontent.com/ https://lh5.googleusercontent.com/ https://lh6.googleusercontent.com/; font-src 'self' *.fonts.gstatic.com/s/roboto/v20/ https://*.fonts.gstatic.com/s/roboto/v20/; report-uri /admin/config/system/seckit/csp-report 3
default-src 'self'; connect-src 'self'; script-src 'unsafe-eval' 'unsafe-inline'; style-src 'unsafe-eval' 'unsafe-inline'; media-src 'self'; frame-src 'self'; manifest-src 'self'; object-src 'self'; 3
font-src *.gstatic.com 'unsafe-inline' data: *.bic.com *.cloudflare.com *.typekit.net https://cdnjs.cloudflare.com *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es api.bazaarvoice.com stg.api.bazaarvoice.com *.snapchat.com www.facebook.com dmb.bic.com lighters.shopbic.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.snapchat.com *.criteo.com cdn.dnky.co webchat.dotdigital.com insight.adsrvr.org www.facebook.com static.criteo.net www.youtube.com bic2021.rangoon.fr gateway.euronext.com magento2.avada.io 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.twiago.com *.smartadserver.com *.adnxs.com *.360yield.com *.adscale.de *.bic.com *.outbrain.com *.bing.com *.google.com *.google.fr *.pinterest.com *.bazaarvoice.com *.facebook.com *.doubleclick.net *.stickyadstv.com *.yahoo.com *.googletagmanager.com *.teads.tv *.rubiconproject.com *.adform.net *.openx.net *.pubmatic.com *.3lift.com *.criteo.com *.casalemedia.com *.media.net *.omnitagjs.com *.bidswitch.net *.smaato.net *.advertising.com *.sharethrough.com *.ivitrack.com *.taboola.com data: px.ads.linkedin.com editor-assets.abtasty.com match.adsrvr.org ids.ad.gt secure.adnxs.com sync.smartadserver.com cm.g.doubleclick.net bh.contextweb.com image2.pubmatic.com www.facebook.com match.prod.bidr.io sync.go.sonobi.com ad.360yield.com tg.socdm.com ad.yieldlab.net gum.criteo.com criteo-partners.tremorhub.com i.liadm.com jadserve.postrelease.com ad.sxp.smartclip.net sync-criteo.ads.yieldmo.com ads.stickyadstv.com ads.yieldmo.com a.ad.gt sync.e-planning.net connect.facebook.net sync.ad-stir.com pixel.tapad.com ade.clmbtech.com api-lighters.shopbic.com dpm.demdex.net cw.addthis.com amasty.com cdn.klarna.com sdk.privacy-center.org cm.mgid.com www.magentocommerce.com blob: profile.ssp.rambler.ru image.thum.io gen.sendtric.com cx.atdmt.com cse.rentree-zen.fr sync.mathtag.com crb.kargo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.bic.com *.cloudflare.com *.gstatic.com *.snapchat.com *.bazaarvoice.com *.googletagmanager.com *.google.com *.facebook.net *.criteo.net *.bing.com *.pinimg.com *.abtasty.com *.windows.net *.batch.com *.yimg.com *.doubleclick.net *.outbrain.com *.privacy-center.org *.sc-static.net sc-static.net *.polyfill.io *.ad.gt *.yahoo.com *.criteo.com https://cdnjs.cloudflare.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io snap.licdn.com js.adsrvr.org aufp.io acdn.adnxs.com includes.ccdc02.com maps.googleapis.com static.smartrecruiters.com www.smartrecruiters.com www.googletagmanager.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com *.bic.com *.typekit.net *.fonts.googleapis.com *.bazaarvoice.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com static.smartrecruiters.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.slgnt.eu *.bic.com *.bazaarvoice.com *.paypal.com *.google-analytics.com *.batch.com *.pinterest.com *.yimg.com *.abtasty.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com stats.g.doubleclick.net bat.bing.com p.ad.gt api.privacy-center.org www.facebook.com js.authorize.net amasty.com gateway.euronext.com cdn.klarna.com www.google.com seg.ad.gt analytics.tiktok.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https: data:; font-src https: data:; report-uri /csp-report; 3
default-src 'none'; img-src * data:; connect-src 'self' *.appcues.com *.appcues.net api.amplitude.com api.segment.io delivra.zendesk.com ekr.zdassets.com ws: wss:; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.appcues.com *.appcues.net cdnjs.cloudflare.com fonts.googleapis.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.appcues.com *.appcues.net ajax.googleapis.com code.jquery.com cdnjs.cloudflare.com cdn.segment.com cdn.amplitude.com static.zdassets.com; frame-src 'self' *.appcues.com editor.ne16.com; report-uri /Reports/LogCspError.ashx; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: *.vimeocdn.com fonts.googleapis.com; img-src 'self' data: secure.gravatar.com www.gravatar.com www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com; connect-src 'self' *.vimeo.com www.google-analytics.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' data: *.vimeo.com *.vimeocdn.com; child-src 'self' data: *.vimeo.com *.vimeocdn.com; frame-ancestors 'self' ; report-uri https://www.e2open.com?gdsih-csp-report; 3
default-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com; font-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com data: fonts.gstatic.com; script-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.google.com *.googleadservices.com googleads.g.doubleclick.net; style-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com fonts.googleapis.com; img-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' data: secure.gravatar.com *.getclicky.com t.co *.facebook.com *.olark.com *.adroll.com *.google-analytics.com *.gstatic.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.olark.com; connect-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.datadoghq.com *.getclicky.com *.facebook.com *.olark.com *.google-analytics.com *.g.doubleclick.net; frame-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.apple.com open.spotify.com *.soundcloud.com www.youtube.com www.facebook.com *.olark.com www.google.com bid.g.doubleclick.net; 3
default-src 'self'; connect-src 'self' www.linkedin.com content.linkedin.com lnkd.demdex.net dpm.demdex.net www.google-analytics.com linkedin.sc.omtrdc.net lnkd.tt.omtrdc.net opreq.observepoint.com www.linkedin-ei.com adservice.google.com stats.g.doubleclick.net static.licdn.com; img-src data: blob: android-webview-video-poster: *; font-src data: *; frame-src 'self' www.linkedin.com lnkd.demdex.net www.youtube-nocookie.com platform.twitter.com www.facebook.com plusone.google.com play.vidyard.com www.slideshare.net; style-src https: 'unsafe-inline' *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.licdn.com www.linkedin.com content.linkedin.com platform.linkedin.com *.ads.linkedin.com lnkd.demdex.net *.salesforceliveagent.com sb.scorecardresearch.com sjs.bizographics.com bcvipva02.rightnowtech.com; script-src-elem 'unsafe-inline' tags.tiqcdn.com *.salesforceliveagent.com platform.linkedin-ei.com platform.linkedin.com content.linkedin.com snap.licdn.com sjs.bizographics.com www.linkedin.com bcvipva02.rightnowtech.com sb.scorecardresearch.com; frame-ancestors 'self'; object-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=ms 3
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; child-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.kyruus.com fonts.gstatic.com use.typekit.net pro.fontawesome.com; form-action  www.facebook.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.typekit.net p.typekit.net pro.fontawesome.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: network.prismahealth.org www.facebook.com adservice.google.com use.typekit.net *.doubleclick.net www.google.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.facebook.com www.youtube.com www.googletagmanager.com www.google.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: siteimproveanalytics.com www.googleadservices.com www.google.com connect.facebook.net www.googletagmanager.com *.doubleclick.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: kyruus-app-static.kyruus.com www.googletagmanager.com prismahealth.org www.google.com 6147797.global.siteimproveanalytics.io cdn-images.kyruus.com www.facebook.com kloggyr-service.kyruus.com connect.facebook.net; report-uri /csp_report 3
default-src 'self'; 3
report-uri /report-csp-violation; upgrade-insecure-requests 3
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com cdn.jsdelivr.net js-agent.newrelic.com bam.nr-data.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com l3.evidon.com www.youtube.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.jsdelivr.net l.evidon.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.jsdelivr.net fonts.googleapis.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com cdn.jsdelivr.net ; form-action 'none' data: blob: ; report-uri /csp_report 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 3
default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 3
default-src 'self' *.experteer.com gap://ready https:; font-src 'self' *.experteer.com fonts.gstatic.com https: data: 'unsafe-inline'; img-src 'self' *.experteer.com https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' *.experteer.com www.google-analytics.com script.crazyegg.com www.linkedin.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.experteer.com https: 'unsafe-inline'; connect-src 'self' *.experteer.com https: wss://ws.inspectlet.com www.google-analytics.com; report-uri https://www.experteer.com/csp_violation_notifications 3
base-uri 'none'; form-action 'self'; report-uri https://vault.gostatera.com/collect/csp 3
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com cm.adform.net sync.e-planning.net www.facebook.com simage2.pubmatic.com secure.adnxs.com r.casalemedia.com www.google-analytics.com bam.nr-data.net c.clarity.ms criteo-partners.tremorhub.com www.google.fr *.yahoo.com t.co sync-t1.taboola.com ih.adscale.de px4.ads.linkedin.com eb2.3lift.com www.google.com criteo-sync.teads.tv x.bidswitch.net rtb-csync.smartadserver.com ad.yieldlab.net visitor.omnitagjs.com gum.criteo.com contextual.media.net *.doubleclick.net us-u.openx.net matching.ivitrack.com cm.mgid.com s.ad.smaato.net connect.facebook.net ads.stickyadstv.com pixel.advertising.com px.ads.linkedin.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: web.facebook.com www.facebook.com static.criteo.net gum.criteo.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: hello.myfonts.net fonts.googleapis.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net ariane.abtasty.com www.google.com dashboard.chatfuel.com s.yimg.com bat.bing.com dcinfos-cache.abtasty.com bam.nr-data.net adservice.google.com www.facebook.com www.clarity.ms; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.twitter.com bat.bing.com snap.licdn.com dashboard.chatfuel.com s.yimg.com static.criteo.net js-agent.newrelic.com www.google-analytics.com bam.nr-data.net static.ads-twitter.com www.googletagmanager.com cdn.jsdelivr.net analytics.skyscanner.net try.abtasty.com connect.facebook.net www.clarity.ms; form-action  www.flycorsair.com www.facebook.com; child-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; report-uri /csp_report 3
default-src 'none'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.typekit.net ajax.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com *.typekit.net *.myfonts.net; img-src 'self' data: *.google-analytics.com ajax.googleapis.com *.typekit.net *.doubleclick.net; connect-src 'self'; font-src 'self' data: *.typekit.net; object-src 'self'; media-src  'self'; frame-src *.addthis.com player.vimeo.com www.youtube.com; manifest-src 'self'; 3
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src *.gstatic.com https://js.klevu.com data: https://*.hotjar.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com www.xtento.com https://*.demdex.net https://*.adyen.com https://www.youtube.com https://youtu.be https://pay.google.com https://*.fls.doubleclick.net https://www.paypalobjects.com https://vars.hotjar.com http://www.yotpo.com https://player.vimeo.com/ https://*.googleapis.com/ https://www.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com https://www.xtento.com cdn.xtento.com *.gstatic.com *.google.co.uk *.google.com https://www.googletagmanager.com https://*.googleapis.com https://services.postcodeanywhere.co.uk https://www.rnengage.com https://js.klevu.com https://bat.bing.com https://mgl.sc.omtrdc.net https://cm.everesttech.net https://*.adyen.com https://*.demdex.net/ https://amcglobal.sc.omtrdc.net https://*.widget.custhelp.com https://*.cloudiq.com https://*.pinterest.com https://www.facebook.com https://cdn.cookielaw.org https://*.hotjar.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com https://*.adyen.com www.xtento.com cdn.xtento.com http://maybo11111.pcapredict.com https://services.postcodeanywhere.co.uk https://polyfill.io https://js.klevu.com https://www.google.com https://www.gstatic.com https://*.googleapis.com https://*.widget.custhelp.com https://*.custhelp.com https://*.rightnowtech.com https://www.rnengage.com https://bat.bing.com https://pay.google.com https://googleads.g.doubleclick.net https://*.newrelic.com https://bam-cell.nr-data.net https://*.hotjar.com https://connect.facebook.net https://cdn.cookielaw.org https://*.cloudiq.com https://*.onetrust.com https://*.pinimg.com *.avada.io https://*.trustpilot.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://services.postcodeanywhere.co.uk https://*.widget.custhelp.com https://www.gstatic.com https://fonts.googleapis.com https://js.klevu.com https://*.googleapis.com/ yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://services.postcodeanywhere.co.uk https://*.ksearchnet.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.demdex.net https://bam-cell.nr-data.net https://cdn.cookielaw.org https://amcglobal.sc.omtrdc.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.onetrust.com https://*.pinterest.com https://bat.bing.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://secure.tt-staging.com/; report-to report-endpoint; 3
object-src 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 3
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es js.stripe.com hooks.stripe.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es store.paradoxlabs.com 'self' 'unsafe-inline'; script-src js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net js.stripe.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.stripe.com *.authorize.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
report-uri https://www.tv5unis.ca/csp-report;default-src 'self' *.googlesyndication.com ;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.scorecardresearch.com *.google-analytics.com *.gstatic.com *.hotjar.com *.m32.media *.pinimg.com *.tv5unis.ca bedsberry.com cdn.ampproject.org tag.aticdn.net sc-static.net ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.doubleclick.net *.facebook.com *.google.ca *.google.com *.googleusercontent.com *.google-analytics.com *.googlesyndication.com *.scorecardresearch.com *.adsafeprotected.com bcp.crwdcntrl.net platform-lookaside.fbsbx.com https://image-proxy.tv5unis.ca ;media-src 'self' blob: *.2mdn.net *.llnw.net ;frame-src 'self' *.doubleclick.net *.facebook.com *.firebaseapp.com/ *.googlesyndication.com imasdk.googleapis.com vars.hotjar.com tr.snapchat.com ;font-src 'self' data: ;connect-src 'self' *.2mdn.net *.adnxs.com *.amazon-adsystem.com *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.google-analytics.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.llnw.net *.m32.media *.scorecardresearch.com *.tv5unis.ca bedsberry.com bcp.crwdcntrl.net cdn.ampproject.org cdn.jsdelivr.net licensing.bitmovin.com platform-lookaside.fbsbx.com sc-static.net sentry.io static.hotjar.com tag.aticdn.net us-central1-m32-infrastructure.cloudfunctions.net vendorlist.consensu.org https://api.tv5unis.ca https://image-proxy.tv5unis.ca ;worker-src 'self' blob: ;form-action 'self' www.facebook.com/tr tr.snapchat.com ; 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 3
default-src 'self';               script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.dynatrace.com ajax.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com stats.g.doubleclick.net www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com;               connect-src 'self' *.dynatrace.com *.optimizely.com www.enterice.com stats.g.doubleclick.net www.google-analytics.com dc.services.visualstudio.com;               img-src 'self' www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com stats.g.doubleclick.net www.google.com secure.comodo.com www.googletagmanager.com ajax.aspnetcdn.com;               style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com;               font-src 'self' fonts.gstatic.com;               frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com; 3
font-src fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com display.ugc.bazaarvoice.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data:  http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ data:; connect-src 'self' https://mebi.rivm.nl/* https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/*; report-uri /report-csp-violation 3
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.facebook.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.youtube.com platform.twitter.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.jsdelivr.net unpkg.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.jsdelivr.net unpkg.com platform.twitter.com bam.nr-data.net; form-action  www.grupomodelo.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 3
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de http://app.bronto.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.pages03.net *.facebook.com *.google.com *.hotjar.com *.issuu.com *.kaptcha.com *.mkt932.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pages03.net *.amazonaws.com *.coremetrics.com *.facebook.com *.facebook.net *.google.com *.paypal.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com polyfill.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.bronto.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.pages03.net *.putmeinthestory.com *.brilliantcollector.com *.facebook.net *.google.com *.gstatic.com *.hotjar.com *.nr-data.net *.newrelic.com *.integration-5ojmyuq-kolnt6avkh4uo.us-3.magentosite.cloud *.c.kolnt6avkh4uo.dev.ent.magento.cloud *.vagrant.com *.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.amazonaws.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.brilliantcollector.com *.brontops.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.nr-data.net *.zdassets.com *.zendesk.com wss://*.zopim.com https://*.zopim.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cd6149b609c1e427f5d8597d1534d2c7.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 3
frame-ancestors 'self' 3
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnly 3
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://6419468.collect.igodigital.com https://assets.adobedtm.com https://players.brightcove.net https://*.homeoffice.wal-mart.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.everesttech.net *.demdex.net *.omtrdc.net *.xx.fbcdn.net https://*.brightcove.com nova.collect.igodigital.com https://*.walmart.com https://*.wal-mart.com; font-src 'self' data: https://one.walmart.com; connect-src *; frame-src 'self' *.demdex.net https://wiresurveys.southcentralus.cloudapp.azure.com pfedprod.wal-mart.com https://*.walmart.com https://*.brightcove.com; media-src 'self' https://*.brightcove.com; report-uri https://csp.walmart.com/c/r/wmo 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 3
font-src *.cloudfront.net *.googleapis.com *.bootstrapcdn.com *.gstatic.com 'self' data: 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudfront.net data: www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.cloudfront.net *.google.com *.trustedshops.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudfront.net *.google.com *.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cloudfront.net *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.ingest.sentry.io js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
frame-ancestors * 3
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 3
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; report-to content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; 3
default-src 'self' *.qq.com *.google-analytics.com *.ytimg.com *.youtube.com *.googletagmanager.com *.baidu.com *.cookieinformation.com *.licdn.com *.facebook.net *.marketingautomation.com *.sleeknote.com *.sharpspring.com *.gstatic.com https: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/reportOnly 3
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://apikeys.civiccomputing.com http://apikeys.civiccomputing.com apikeys.civiccomputing.com https://ig.instant-tokens.com http://ig.instant-tokens.com ig.instant-tokens.com https://graph.instagram.com http://graph.instagram.com graph.instagram.com https://*.hotjar.com http://*.hotjar.com *.hotjar.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com https://*.facebook.com http://*.facebook.com *.facebook.com; frame-ancestors 'none'; frame-src https://*.youtube.com http://*.youtube.com *.youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.hotjar.com http://*.hotjar.com *.hotjar.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://*.cdninstagram.com http://*.cdninstagram.com *.cdninstagram.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.facebook.com http://*.facebook.com *.facebook.com https://i.ytimg.com http://i.ytimg.com i.ytimg.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://cc.cdn.civiccomputing.com http://cc.cdn.civiccomputing.com cc.cdn.civiccomputing.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.mailchimp.com http://*.mailchimp.com *.mailchimp.com 'unsafe-inline'; 3
worker-src 'none'; 3
font-src *.sagepay.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.sagepay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.sagepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sagepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
; frame-ancestors 'self' 3
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: ; report-uri https://reports.baidu.com/csp-report 2
default-src 'none'; script-src 'self' 'unsafe-eval' https://www.googleoptimize.com https://cdn.cookielaw.org https://*.mutinycdn.com https://d2c7xlmseob604.cloudfront.net 'sha256-09i4AWokmEmm6Xf4VnfX81XolkoAMDCJvfdfJlP5Ab4=' 'sha256-dRFH+TXDvASWWrsMkIeDmELTKAqptEiJh+299/59BUU=' 'sha256-IWGIsg1U5mon7c38uPIpRVRWrSilS+ey2Dp3q2208TU=' 'sha256-paT8fBGOtK3nkhGazWTfRCYXOG/pubylwthGOtoWO/E=' 'sha256-egpbluqkD8NT0bY3bWy7raM9tRIMkfUWboq0Y8KqsFk=' 'sha256-jJnbKS0QlbPjAGrJOn9lmCJcsYlL7QHTvWNPBa1y6yA=' 'sha256-qoKHf0EN7296KIec+9B7hm/MLAIrH6j0SdLCr/3qvHM=' www.googletagmanager.com cdn.bizible.com https://bat.bing.com www.googleadservices.com https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://redditstatic.com https://www.redditstatic.com https://www.fastly-insights.com https://*.fastly-insights.com https://www.google-analytics.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.fastly.com https://cdn.cookielaw.org *.doubleclick.net https://d.turn.com https://bat.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://www.google-analytics.com https://px.ads.linkedin.com https://alb.reddit.com https://www.google.com https://p.adsymptotic.com; worker-src data: blob:; connect-src 'self' localhost:* ws: https://cdn.cookielaw.org https://api.smartling.com https://*.fastly-insights.com https://fastly-insights.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io; frame-src *.doubleclick.net https://vars.hotjar.com; font-src 'self' data:; report-uri https://csp.global.ssl.fastly.net/csp/fastly-prod?report_only=1; 2
frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report; report-to csp-endpoint 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'none'; block-all-mixed-content; object-src 'none'; report-uri https://sentry.io/api/148442/security/?sentry_key=48196e632bb14305ad3fe47c6570e363 2
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.sentry.dev www.googletagmanager.com www.google-analytics.com www.googleadservices.com js.driftt.com connect.facebook.net assets.calendly.com player.vimeo.com www.redditstatic.com m.servedby-buysellads.com static.zdassets.com googleads.g.doubleclick.net bat.bing.com munchkin.marketo.net cdn.bizible.com cdn.amplitude.com; connect-src 'self' sentry.io *.sentry.io www.sentry.dev reload.getsentry.net api.amplitude.com ekr.zdassets.com sentry.zendesk.com www.google-analytics.com stats.g.doubleclick.net 776-mjn-501.mktoresp.com; img-src 'self' data: www.sentry.dev sentry-blog.storage.googleapis.com images.ctfassets.net www.google-analytics.com stats.g.doubleclick.net assets.calendly.com q.quora.com alb.reddit.com www.facebook.com www.googletagmanager.com bat.bing.com www.google.com i.vimeocdn.com i.ytimg.com cdn.bizible.com cdn.bizibly.com; style-src 'self' 'unsafe-inline' www.sentry.dev assets.calendly.com fonts.googleapis.com; media-src 'self' videos.ctfassets.net; font-src 'self' www.sentry.dev fonts.gstatic.com; frame-src player.vimeo.com www.youtube-nocookie.com js.driftt.com calendly.com bid.g.doubleclick.net; manifest-src 'self' www.sentry.dev; report-uri https://o1.ingest.sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 2
block-all-mixed-content ; report-uri /csp-report 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
frame-src 'self' *.google.com snapwidget.com *.consensu.org *.sharethis.com *.doubleclick.net *.greenhouse.io *.payoneer.com *.trustpilot.com *.oraclecloud.com *.driftt.com *.ubembed.com *.youtube.com *.github.io *.userway.org v.qq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.cookielaw.org *.convertexperiments.com *.marketo.net *.googleadservices.com *.bing.com *.licdn.com *.facebook.net *.taboola.com *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.sharethis.com *.consensu.org snapwidget.com *.onetrust.com *.greenhouse.io *.payoneer.com *.mouseflow.com *.salesloft.com *.trendemon.com *.trustpilot.com *.ubembed.com *.google.com *.dynatrace.com *.oraclecloud.com *.baidu.com *.driftt.com *.youtube.com *.daumcdn.net unpkg.com *.yandex.ru *.cloudflare.com *.strattic.com *.6sc.co *.jsdelivr.net *.bootstrapcdn.com *.twitter.com *.ads-twitter.com *.highcharts.com *.github.io *.qualtrics.com *.microsoft.com  *.userway.org *.tiktok.com *.googleoptimize.com *.adnxs.com; 2
default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; report-uri https://sentry.io/api/1312882/security/?sentry_key=9e854fd5af164d1e98cee1bedb942a22 2
style-src 'self' web-assets.waze.com fonts.googleapis.com; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' web-assets.waze.com www.youtube.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net s.ytimg.com ; report-uri https://csp.withgoogle.com/csp/waze/20200907_experiment; 2
connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://portfolio.adobe.com/api/v1/errors/csp 2
media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline'  'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors https://*.so-net.ne.jp http://*.so-net.ne.jp https://*.sonynetwork.co.jp https://*.sony.com https://*.sony.co.jp https://*.sonymobile.co.jp http://postpet.jp; report-uri /cgi-bin/csp-reports.cgi 2
frame-ancestors 'self' *.hudl.com *.youtube.com *.sendtonews.com *.cbssports.com *.247sports.com *.scout.com *.ampproject.org *.amp.cloudflare.com; default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https:; report-uri https://cbsi.report-uri.io/r/default/csp/reportOnly 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/private/csp-report 2
default-src 'self' 'unsafe-inline' *.fca.org.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.salesforceliveagent.com *.twentythree.net; img-src 'self' 'unsafe-inline' data: *.facebook.com *.google-analytics.com *.siteimproveanalytics.io *.google.com t.co *.doubleclick.net *.fca.org.uk *.google.ie *.videomarketingplatform.co www.google.co.uk *.nr-data.net *.googletagmanager.com *.fca.org.uk *.gstatic.com www.glassdoor.co.uk *.fca.org.uk; frame-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.doubleclick.net insight.adsrvr.org *.fca.org.uk *.googletagmanager.com *.youtube.com; frame-ancestors 'self' *.fca.org.uk; child-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.fca.org.uk; font-src 'self' fonts.gstatic.com *.fca.org.uk; connect-src 'self' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk fca.funnelback.co.uk *.googleapis.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://cspreport.olx.com.br/api/v1/cspreport/mixedcontent 2
block-all-mixed-content; report-uri /global-cgi-bin/csp-report 2
default-src 'self' 'unsafe-inline' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.drift.com *.driftt.com *.kinstacdn.com api.intellimize.co www.google-analytics.com www.instagram.com www.googleadservices.com *.quoracdn.net www.google.com *.googleapis.com snap.licdn.com googleads.g.doubleclick.net rum-static.pingdom.net *.wistia.com *.wistia.net api.greenhouse.io cdn.segment.com https://cdn.split.io cdn.madkudu.com cdn.bizible.com ga.clearbit.com app-sj27.marketo.com widget.drift.com *.jquery.com https://www.google-analytics.com https://www.googletagmanager.com *.quora.com *.hsforms.com *.hsforms.net munchkin.marketo.net s.adroll.com d.adroll.mgr.consensu.org d.adroll.com *.facebook.net static.ads-twitter.com *.twitter.com twitter.com *.6sc.co *.dca0.com *.twimg.com tpc.googlesyndication.com use.typekit.net drift.referralrock.com gateway.on24.com; img-src 'self' 'unsafe-inline' data: * ; report-uri https://o13824.ingest.sentry.io/api/5269096/security/?sentry_key=e9bb6faf1b4c4ce1927908a451904d1d 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/chrome 2
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.youtube.com www.googleadservices.com www.google.com www.google.it img06.en25.com tools.euroland.com www.google.ru m9m6e2w5.stackpathcdn.com www.google.de www.google.com.co cdn.decibelinsight.net platform.twitter.com apps.shareaholic.com snap.licdn.com cdn.cookielaw.org js.maxmind.com static.ads-twitter.com www.google.es www.googletagmanager.com analytics.twitter.com geolocation.onetrust.com www.google-analytics.com tags.tiqcdn.com; form-action  www.facebook.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.facebook.com www.google.com www.youtube.com platform.twitter.com amadeusitgroup.demdex.net *.doubleclick.net tools.eurolandir.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.googleapis.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com fonts.gstatic.com www.facebook.com geoip-js.com www.shareaholic.net cdn.cookielaw.org collection.decibelinsight.net privacyportal-eu.onetrust.com *.omtrdc.net dpm.demdex.net analytics.shareaholic.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.de www.google.ru www.google.com www.google.co.za *.doubleclick.net www.google.nl www.google.co.in cm.everesttech.net www.google.com.co px.ads.linkedin.com cdn.cookielaw.org www.google.at s266319173.t.eloqua.com www.google.com.br www.google.com.ar www.facebook.com img.youtube.com t.co www.google.fr www.google.it *.omtrdc.net www.google.es www.google.co.uk www.google.com.ng; report-uri /csp_report 2
script-src 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 2
default-src 'none'; connect-src https://caligraph.youcanbook.me/ https://in.hotjar.com/ https://realtime.youcanbook.me/ https://www.google-analytics.com wss://realtime.youcanbook.me/ https://stats.g.doubleclick.net 'self'; font-src https://fonts.gstatic.com/ https://static.hotjar.com/ data: 'self'; frame-src https://homepage.youcanbook.me/ https://vars.hotjar.com/ https://www.youtube.com/; img-src https://static.hotjar.com https://www.google-analytics.com/ https://www.gstatic.com/ https://zapier.com/ https://cdn.zapier.com/ data: 'self'; manifest-src 'self' ; script-src https://www.google-analytics.com/ https://*.doubleclick.net/ https://realtime.youcanbook.me/ https://s.ytimg.com/ https://*.hotjar.com/ https://www.youtube.com/ https://zapier.com/ 'unsafe-eval' 'unsafe-inline' 'self'; media-src 'self'; style-src https://fonts.googleapis.com/ 'unsafe-inline' 'self'; 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2
default-src 'self' data: https://067-umd-991.mktoresp.com https://analytics.twitter.com https://bam.nr-data.net https://bi-beta.pst.tech https://bi.pst.tech https://blog.postman.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.polyfill.io https://dl.pstmn.io https://fast.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://geolocation.onetrust.com https://in.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://ms1frkqnsp7r.statuspage.io https://munchkin.marketo.net https://pages.getpostman.com https://privacyportal.onetrust.com https://public.slidesharecdn.com https://px.ads.linkedin.com https://script.hotjar.com https://skills-assets.pstmn.io https://www.slideshare.net https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://vars.hotjar.com https://www.youtube.com https://p.adsymptotic.com https://assets.getpostman.com https://www.linkedin.com https://pixel.mathtag.com https://js.driftt.com https://www.googleleadservices.com https://google.g.doubleclick.net https://web.postman.com https://manifest.webmanifest https://www.googleadservices.com https://googleads.g.doubleclick.net https://px4.ads.linkedin.com https://i.ytimg.com https://api.mapbox.com https://events.mapbox.com/ 'unsafe-inline'; form-action 'self'; base-uri 'self';  block-all-mixed-content; report-uri https://sentry.postmanlabs.com/api/738/security/?sentry_key=9f4634749cc5431981a67baf042d0e9e; 2
default-src 'self' *.hsbc.co.uk 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net; script-src 'self' *.hsbc.co.uk 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net *.sc.omtrdc.net *.tiqcdn.com www.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net www.googleadservices.com www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com; img-src 'self' *.hsbc.co.uk *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net data: *.doubleclick.net *.tealiumiq.com *.sc.omtrdc.net *.everesttech.net www.google.com www.facebook.com bat.bing.com www.google.co.in www.google.com.hk *.twitter.com *.linkedin.com *.day.com *.adsrvr.org pixel.advertising.com s.amazon-adsystem.com *.analytics.yahoo.com t.co www.google.ca www.googleadservices.com www.google.co.uk tr.outbrain.com www.googletagmanager.com *.lpsnmedia.net p.adsymptotic.com; connect-src 'self' *.hsbc.co.uk *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net bat.bing.com *.tt.omtrdc.net *.sc.omtrdc.net *.tealiumiq.com *.siteintercept.qualtrics.com jsonip.com *.tiqcdn.com; script-src-elem 'self' *.hsbc.co.uk 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.sc.omtrdc.net *.lpsnmedia.net *.tiqcdn.com www.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net www.googleadservices.com www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com/; child-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.lpsnmedia.net *.doubleclick.net www.google.com www.recaptcha.net *.tealiumiq.com *.tiqcdn.com; frame-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.doubleclick.net *.tealiumiq.com www.google.com *.tiqcdn.com *.lpsnmedia.net www.recaptcha.net; frame-ancestors 'self'; upgrade-insecure-requests ; 2
default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; plugin-types application/pdf; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.etracker.com/ https://*.etracker.de/ https://*.signalize.com/; img-src 'self' data: s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com i.ytimg.com; frame-src 'self' data: www.youtube.com; child-src 'self' data: www.youtube.com; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src https: 'unsafe-inline';connect-src https:;frame-src https:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data:;media-src https: blob:; report-uri /csp_rep 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.amplitude.com https://cdn.lr-ingest.io https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://secure.aadcdn.microsoftonline-p.com https://appleid.cdn-apple.com https://d.impactradius-event.com https://js.stripe.com https://checkout.stripe.com https://www.dropbox.com https://cdn.onesignal.com https://onesignal.com; worker-src 'self' blob:; report-uri /csp-violation-report 2
connect-src * https://*.tiles.mapbox.com https://api.mapbox.com; default-src blob:; font-src * data:; frame-src * data:; img-src * data: blob:; object-src data:; report-uri /vizql/csp-report; script-src * blob:; style-src * 'unsafe-inline' 2
default-src data: https: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /mixed-content-collector; 2
report-uri https://csp.rz.uni-kiel.de/report; report-to csp; 2
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.natwest.com *.neolane.net *.nwolb.com *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dm *.google.dz *.google.es *.google.fi *.google.fr *.google.ge *.google.gg *.google.gm *.google.gp *.google.gr *.google.gy *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.la *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc*.google.se *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.tg *.google.tm *.google.tn *.google.tt adservice.google.ro *.googleapis.com *.live.hdexternal.co.uk *.hdddirectsolutions.co.uk fonts.gstatic.com *.everesttech.net *.everestjs.net cdn.cookielaw.org; upgrade-insecure-requests; report-uri https://natwestpersonal.report-uri.com/r/t/csp/reportOnly; cdn-apple.com 2
default-src 'self';connect-src 'self' https://maps.googleapis.com https://cex.io wss://ws.cex.io/ws;frame-src 'self' * ext.cex.io;font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://static.cex.io;img-src 'self' data: https://static.cex.io;media-src 'self' https://static.cex.io;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://code.jquery.com https://static.cex.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cex.io;report-uri https://cex.io/cspr; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
frame-ancestors 'none'; block-all-mixed-content; default-src 'none'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; object-src 'none'; frame-src 'none'; child-src 'none'; img-src 'self'; font-src 'self'; connect-src 'none'; manifest-src 'none'; base-uri 'self'; form-action 'none'; media-src 'none'; prefetch-src 'none'; worker-src 'none'; report-uri https://gate.rapidsec.net/g/r/csp/1fd6f776-a9fc-4559-b96f-35c786b7aac4/0/0/3?sct=ec2420d6-f204-40ea-aa00-9274e9514a62&dpos=report 2
frame-ancestors *.adguard.com adguard.com 'self'; connect-src *.doubleclick.net https://www.google-analytics.com *.adguard.com adguard.com 'self'; script-src https://www.google-analytics.com https://cdn.paddle.com/paddle/paddle.js https://widget.cloudpayments.ru/bundles/cloudpayments *.adguard.com adguard.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src cdn.paddle.com *.adguard.com adguard.com 'unsafe-inline' 'self'; img-src * data: *.adguard.com adguard.com 'self'; frame-src *.paddle.com widget.cloudpayments.ru *.youtube.com *.adguard.com adguard.com 'self'; font-src  *.adguard.com adguard.com 'self'; report-uri https://sentry.adguard.com/api/141/security/?sentry_key=25d351967596406c8824d0677089b8ea; default-src *.adguard.com adguard.com 'self' 2
require-trusted-types-for 'script';report-uri /_/Gstore/cspreport 2
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cludo.com *.facebook.net *.flickr.com *.fontawesome.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.monsido.com *.myfwc.com *.sharethis.com *.webreserv.com *.wufoo.com *.youtube.com;object-src 'self' *.myfwc.com;style-src 'self' 'unsafe-inline' *.cludo.com *.googleapis.com *.myfwc.com *.sharethis.com;img-src 'self' data: *.cludo.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sharethis.com *.staticflickr.com *.vimeocdn.com *.ytimg.com;media-src 'self';frame-src 'self' *.consensu.org *.google.com *.googletagmanager.com *.myfwc.com *.vimeo.com *.webreserv.com *.wufoo.com *.youtube.com;font-src 'self' data: *.gstatic.com;connect-src 'self' *.cludo.com *.doubleclick.net *.flickr.com *.fontawesome.com *.google-analytics.com *.googleapis.com *.sharethis.com *.vimeo.com vimeo.com;manifest-src 'self';report-uri /WebResource.axd?cspReport=true https://csp-reports.proworks.xyz/r/d/csp/reportOnly 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.vibe.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.baidu.com http://*.baidu.com https://*.baidustatic.com http://*.baidustatic.com https://*.hao123.com http://*.hao123.com https://*.bdstatic.com http://*.bdstatic.com https://*.hao123img.com http://*.hao123img.com https://*.hao222.com http://*.hao222.com https://*.baidu.cn http://*.baidu.cn https://*.shifen.com http://*.shifen.com https://*.bdimg.com http://*.bdimg.com https://*.bcebos.com http://*.bcebos.com https://dwz.cn http://dwz.cn; img-src * data:; media-src * data:; report-uri /hao123_api/csp/report 2
block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 2
default-src 'self' * 'unsafe-inline'; img-src 'self' data: *; 2
default-src 'self' *.kwai-pro.com *.kwai.net *.kwai.com *.kwai.me *.kwai.app;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kwai.com *.kwai.net *.yximgs.com hm.baidu.com cdn.polyfill.io www.googletagmanager.com www.google-analytics.com https://connect.facebook.net asset:;img-src 'self' *.kwai.net *.yximgs.com *.kuaishou.com *.kwai.com https://www.google.cl hm.baidu.com www.google.com www.google.cn https://www.google.com.br https://www.google.com.co https://www.google-analytics.com https://www.googletagmanager.com  https://www.facebook.com https://www.gstatic.com data:;media-src 'self' *.kwai.net *.kwai.com;connect-src 'self' *.kwai.net *.kwai.com *.kwai-pro.com www.google-analytics.com stats.g.doubleclick.net hm.baidu.com https://log-sdk.ksapisrv.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.kwai.net *.kwai.com *.yximgs.com data:;font-src 'self' *.kwai.com *.kwai.net https://fonts.gstatic.com data:;frame-src 'self' *.kuaishou.com;form-action 'self' *.kwai.com;report-uri https://csplog.kwai-pro.com/log/kwai/wwwkwai 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 2
default-src 'self' *.my127.site blob: *.webpipeline.net *.my127.site *.brightcove.net *.brightcove.com *.boltdns.net *.akamaihd.net *.typekit.net *.nr-data.net *.buyatab.com *.aman.com *.quantummetric.com  'unsafe-inline' 'unsafe-eval'; worker-src blob:; child-src blob:;; script-src 'self' 'unsafe-inline' blob: *.googleapis.com 'unsafe-eval' *.webpipeline.net *.brightcove.net *.googletagmanager.com *.zencdn.net *.newrelic.com *.nr-data.net *.typekit.net *.buyatab.com *.aman.com *.ipstack.com *.quantummetric.com *.doubleclick.net *.yimg.jp *.googleadservices.com; style-src 'self' 'unsafe-inline' cloud.typography.com *.webpipeline.net *.buyatab.com *.aman.com; img-src 'self' *.my127.site data: *.webpipeline.net *.brightcove.net *.brightcove.com *.boltdns.net *.googletagmanager.com *.buyatab.com *.aman.com; media-src 'self' blob: *.akamaihd.net *.boltdns.net *.buyatab.com *.aman.com; frame-src *; child-src blob: *.doubleclick.net; font-src 'self' *.my127.site data: *.webpipeline.net *.typekit.net *.aman.com; report-uri https://aman.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 2
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=businessinsider.com.pl::RING_WEBSITES_2_0_70 2
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.104.ua; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com static.104.ua; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.104.ua; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.104.ua www.googletagmanager.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.104.ua ; form-action 'none' data: blob: ; report-uri /csp_report 2
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; block-all-mixed-content 2
default-src 'self'; img-src 'self' data: https:; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com www.google.com/jsapi *.facebook.net *.facebook.com *.recaptcha.net *.gstatic.com; connect-src 'self' sentry.io 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 2
default-src https:; media-src blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 2
script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 2
default-src 'self' data: https://s3.cn-north-1.amazonaws.com.cn/aws-assets-prod/; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://amazonwebservices.d2.sc.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://aws-brew-sr-offers-china-live-prod-cn-north-1.s3.cn-north-1.amazonaws.com.cn https://b0.p.awsstatic.cn https://c0.b0.p.awsstatic.cn https://d2i62n0n7jhjo8.cloudfront.net https://d2x0ubwn53pje2.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://s3.cn-north-1.amazonaws.com.cn/aws-assets-prod/ https://s3.cn-north-1.amazonaws.com.cn/aws-dam-prod/ https://view-stage.cn-northwest-1.prod.pricing.aws.a2z.org.cn; font-src 'self' data: https://fonts.gstatic.com https://s3.cn-north-1.amazonaws.com.cn/aws-assets-prod/; frame-src 'self' https://c0.b0.p.awsstatic.cn https://dpm.demdex.net; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://s3.cn-north-1.amazonaws.com.cn/aws-assets-prod/ https://s3.cn-north-1.amazonaws.com.cn/aws-dam-prod/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com; media-src 'self' https://*.libsyn.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservices.com https://mktg-apac.s3-ap-southeast-1.amazonaws.com https://onlineedu.s3.cn-north-1.amazonaws.com.cn https://s3.cn-north-1.amazonaws.com.cn/aws-dam-prod/ https://www.buzzsprout.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://s3.cn-north-1.amazonaws.com.cn/aws-assets-prod/ https://static.doubleclick.net https://website.spot.ec2.aws.a2z.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://acerendering-awsmarketplace.amazonaws.cn https://contessa-awsmarketplace.amazonaws.cn https://s3.cn-north-1.amazonaws.com.cn/aws-assets-prod/; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 2
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: rumcdn.geoedge.be cdn.ampproject.org connect.facebook.net tpc.googlesyndication.com cdns.gigya.com cdnassets.hw.net hit.uptrendsdata.com ads2000.hw.net apis.google.com www.googletagservices.com fw.adsafeprotected.com www.google.com www.googleadservices.com *.doubleclick.net adservice.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fw.adsafeprotected.com www.google.com *.doubleclick.net cdns.gigya.com tpc.googlesyndication.com *.googlesyndication.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnassets.hw.net px.moatads.com tpc.googlesyndication.com www.facebook.com www.google-analytics.com dt.adsafeprotected.com pagead2.googlesyndication.com edba.brealtime.com csi.gstatic.com www.google.com *.doubleclick.net cdns.gigya.com s0.2mdn.net; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ads2000.hw.net cdnassets.hw.net; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: csi.gstatic.com login.builderonline.com hit.uptrendsdata.com www.facebook.com fastlane.rubiconproject.com *.doubleclick.net cdns.gigya.com hb.emxdgt.com gw.geoedge.be adservice.google.com dt.adsafeprotected.com pagead2.googlesyndication.com tpc.googlesyndication.com as-sec.casalemedia.com cdns.us1.gigya.com www.google-analytics.com ap.lijit.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com cdnassets.hw.net ; form-action 'none' data: blob: ; report-uri /csp_report 2
default-src 'self' https: wss://widget-mediator.zopim.com; font-src 'self' https: data:; frame-ancestors 'none'; img-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri https://webhook.logentries.com/noformat/logs/025b65f5-c6dd-4ac0-ba93-87161263b690 2
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
string 2
font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.stripe.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ insight.adsrvr.org match.adsrvr.org www.affirm.com sandbox.affirm.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net www.facebook.com script.google.com vars.hotjar.com *.klarnaservices.com *.online-metrix.net imgs.signifyd.com *.vimeo.com vimeo.com record.webeyez.com d.emails.wahoofitness.com *.yotpo.com *.youtube.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.adnxs.com insight.adsrvr.org match.adsrvr.org *.affirm.com *.atdmt.com *.bing.com *.bazaarvoice.com dis.criteo.com gum.criteo.com ad.doubleclick.net stats.g.doubleclick.net cdn.dynamicyield.com www.facebook.com *.google.com *.gstatic.com eu.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io www.lightboxcdn.com simage2.pubmatic.com alb.reddit.com imgs.signifyd.com t.co *.wahoofitness.com ads.yahoo.com *.analytics.yahoo.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.stripe.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.adnxs.com js.adsrvr.org lightboxapi.azurewebsites.net bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com *.affirm.com static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.google.com *.googleapis.com googleads.g.doubleclick.net www.gstatic.com static.hotjar.com script.hotjar.com *.ktxlytics.io www.lightboxcdn.com cdn.livesession.io js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv imgs.signifyd.com static.ads-twitter.com analytics.twitter.com d.emails.wahoofitness.com record.webeyez.com sec.webeyez.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com display.ugc.bazaarvoice.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com www.lightboxcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.bazaarvoice.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.affirm.com bam-cell.nr-data.net *.bing.com cdn.cookielaw.org track.cordial.io script.crazyegg.com i.ctnsnet.com stats.g.doubleclick.net *.dynamicyield.com www.google-analytics.com analytics.google.com in.hotjar.com vc.hotjar.io mpsnare.iesnare.com wss: eu.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io rs.livesession.io bam.nr-data.net privacyportal.onetrust.com insight.reflow.tv imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 bt.signifyd.com:11103 d.emails.wahoofitness.com vimeo.com record.webeyez.com send.webeyez.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' *.fineco.it *.finecobank.com finecobank.com *.promotorifinecobank.it *.finecobank.co.uk www.youtube.com responder.wt-safetag.com www.google-analytics.com www.googletagmanager.com connect.facebook.net bat.bing.com track.adform.net js.omg.neodatagroup.com trz.neodatagroup.com pixeL.mathtag.com www.google.com g.microsoft.com s2.adform.net googLeads.g.doubLeclick.net static.opentok.com cdn.cookielaw.org data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors finecobank.com finecobank.co.uk *.fineco.it *.promotorifinecobank.it *.finecobank.co.uk; frame-src finecobank.com finecobank.co.uk *.fineco.it *.promotorifinecobank.it *.finecobank.co.uk www.youtube.com *.mateti.net vars.hotjar.com track.adform.net c1.adform.net widget.trustpilot.com; img-src 'self' data: https://images.fineco.it https://images.finecobank.com https://images-t.finecobank.com https://images-dev.devapps.fineco.it https://finecobank.com http://localhost:9095 https://analytics.google.com https://t.mateti.net https://lt.morningstar.com https://www.morningstar.it https://t.co https://www.linkedin.com https://px.ads.linkedin.com https://d.omg.neodatagroup.com https://www.youronlinechoices.com https://uip.semasio.net https://server.seadform.net https://aax-eu.amazon-adsystem.com https://pixel.mathtag.com https://tracker.neodatagroup.com https://www.google-analytics.com https://*.twimg.com https://finecoitalia01.wt-eu02.net https://bat.bing.com https://www.facebook.com https://cm.g.doubLeclick.net https://match.adsrvr.org https://dmp.adform.net https://secure.adnxs.com https://b1sync.zemanta.com https://cms.anaLytics.yahoo.com https://trz.neodatagroup.com https://www.googLe.com https://www.googLe.it ; connect-src wss://tradepush.finecobank.com https://*.fineco.it https://*.finecobank.com https://finecobank.com https://analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://vc.hotjar.io https://script.crazyegg.com https://r.mateti.net wss://*.tokbox.com https://www.google-analytics.com https://*.tokbox.com https://config.opentok.com https://anvil.opentok.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.trustpilot.com  'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' *.fineco.it *.finecobank.com finecobank.com responder.wt-safetag.com static.opentok.com www.google-analytics.com track.adform.net s2.adform.net trz.neodatagroup.com pixel.mathtag.com d.omg.neodatagroup.com js.omg.neodatagroup.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net cdn.mateti.net static.hotjar.com static.ads-twitter.com snap.licdn.com script.crazyegg.com ethn.io script.hotjar.com analytics.twitter.com www.youtube.com widget.trustpilot.com cdn.cookielaw.org 'unsafe-eval' 'unsafe-inline'; report-uri https://www.fineco.it/_csp-report 2
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self';  frame-ancestors 'self' *.inloco.com.br 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://pmc.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src * ldb1: data:; media-src * data: about:; frame-ancestors 'self' *.aleks.com *.connectmath.com *.mhcampus.com; report-uri /aleks/csp_report?stamp=web2020111702&uri=%2F&referer= 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.criteo.com https://*.dynamicyield.com https://*.g.doubleclick.net https://*.hotjar.com https://*.salesforceliveagent.com https://*.taboola.com https://ajax.googleapis.com https://amplify.outbrain.com https://api.tiles.mapbox.com/mapbox-gl-js/v0.40.0/mapbox-gl.js https://app-ab06.marketo.com https://bat.bing.com/bat.js https://cdn.heapanalytics.com/js/ https://cdn.walkme.com https://cdnjs.cloudflare.com https://connect.facebook.net https://dsms0mj1bbhn4.cloudfront.net/assets/pub/shareaholic.js https://extend.vimeocdn.com https://flex.atdmt.com https://freecurrencyrates.com https://graph.facebook.com https://intljs.rmtag.com https://k4z6w9b5.stackpathcdn.com https://media.gadventures.com/ghql/ https://munchkin.marketo.net https://npmcdn.com/@turf/turf@4.6.1/turf.min.js https://rules.quantcount.com https://s.pinimg.com https://s.ytimg.com https://s3.amazonaws.com/gadventures/ https://secure.quantserve.com https://service.force.com https://starling.crowdriff.com/js/ https://static.criteo.net https://static.filestackapi.com https://tags.tiqcdn.com/utag/gadventures/ https://tags.tiqcdn.com/utag/tiqapp/ https://tpc.googlesyndication.com https://upload.crowdriff.com/js/ https://use.fontawesome.com https://widget.trustpilot.com https://widgets.pinterest.com https://www.awin1.com https://www.dwin1.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com/iframe_api https://media.gadventures.com/media-server/; style-src 'unsafe-inline' https://api.tiles.mapbox.com/mapbox-gl-js/v0.40.0/mapbox-gl.css https://app-ab06.marketo.com https://cdn.dynamicyield.com https://cdnjs.cloudflare.com https://fonts.googleapis.com/css https://s3.amazonaws.com/gadventures/ https://service.force.com https://starling.crowdriff.com/css/ https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/leaflet.css https://use.fontawesome.com https://media.gadventures.com/media-server/; frame-ancestors 'self'; manifest-src https://media.gadventures.com; default-src 'none'; frame-src https://*.criteo.com https://*.facebook.com https://*.instagram.com https://app-ab06.marketo.com https://bid.g.doubleclick.net/xbbe/pixel https://cdn.walkme.com https://gadventures.qualtrics.com https://maps.google.com https://player.vimeo.com https://service.force.com https://static.criteo.net https://tpc.googlesyndication.com https://vars.hotjar.com https://widget.trustpilot.com https://www.awin1.com https://www.youtube.com; upgrade-insecure-requests; img-src 'self' blob: data: https://*.criteo.com https://*.criteo.net https://*.g.doubleclick.net https://*.gadventures.com https://*.outbrain.com https://bat.bing.com https://cdn.dynamicyield.com/api/8771071/images/ https://ct.pinterest.com https://cx.atdmt.com https://d3qvqlc701gzhm.cloudfront.net https://freecurrencyrates.com https://heapanalytics.com https://i.vimeocdn.com https://i.ytimg.com https://media-gadventures.global.ssl.fastly.net https://nypi.dc-storm.com https://pixel.quantserve.com https://starling.crowdriff.com https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/images/ https://www.awin1.com https://www.clixgalore.com https://www.emjcd.com https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://www.zenaps.com/a/b.php https://media.gadventures.com/media-server/ https://www.google.com; connect-src 'self' https://*.dynamicyield.com https://*.filestackapi.com https://110-ail-152.mktoresp.com/webevents/ https://analytics.shareaholic.com https://api.maptiler.com https://ct.pinterest.com/user/ https://heapanalytics.com https://in.hotjar.com https://media.gadventures.com https://rest.gadventures.com https://sentry.io/api/126322/store/ https://starling.crowdriff.com/graphql https://stats.g.doubleclick.net https://trc.taboola.com https://upload.crowdriff.com https://vc.hotjar.io https://widget.trustpilot.com/data/jsonld/business-unit/ https://www.facebook.com/tr/ https://www.google-analytics.com https://www.shareaholic.net; child-src blob:; media-src https://crowdriff-video-upload.s3.amazonaws.com https://media-gadventures.global.ssl.fastly.net https://www.gadventures.com https://media.gadventures.com/media-server/; font-src data: https://cdn.dynamicyield.com/onsite/fonts/ https://cdnjs.cloudflare.com https://fonts.gstatic.com https://freecurrencyrates.com https://k4z6w9b5.stackpathcdn.com https://media-gadventures.global.ssl.fastly.net https://s3.amazonaws.com/gadventures/ https://use.fontawesome.com https://media.gadventures.com/media-server/; form-action 'self' https://*.facebook.com 2
font-src *.head.com *.head-test.com cloud.webtype.com use.fontawesome.com *.hotjar.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.cookiebot.com www.youtube.com vars.hotjar.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com pls.webtype.com www.w3.org data: www.google.com www.google.de www.google.com.ua googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com *.ytimg.com bat.bing.com head.locally.com *.hotjar.com img.youtube.com *.oppwa.com oppwa.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adyen.com jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com js-agent.newrelic.com bam.nr-data.net www.google.com *.scarabresearch.com head.locally.com bat.bing.com hit.uptrendsdata.com/ static.hotjar.com script.hotjar.com www.googleadservices.com *.cookiebot.com connect.getflowbox.com www.gstatic.com *.abtasty.com *.oppwa.com oppwa.com *.yotpo.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.head.com *.head-test.com cloud.webtype.com use.fontawesome.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src *.head.com *.head-test.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com bam.nr-data.net webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com oppwa.com *.oppwa.com hit.uptrendsdata.com/ *.abtasty.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.head.com *.head-test.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com rec.smartlook.com; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net use.typekit.net; form-action 'self' https://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com youtube.com https://*.twitter.com *.twitter.com; img-src 'self' https://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net *.doubleclick.net https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com blob: data:; media-src https://youtube.com youtube.com; object-src 'none'; script-src 'self' https://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com https://platform.twitter.com platform.twitter.com https://rec.smartlook.com rec.smartlook.com https://*.twimg.com *.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net *.typekit.net https://*.googleapis.com *.googleapis.com https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com 'unsafe-inline'; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data:;report-uri /error/cspreport;connect-src ws: https: 'unsafe-inline' 'unsafe-eval' data:; 2
default-src blob: data: https:; script-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://www.hsn.com/mixed-content-collector; 2
default-src 'self' www.youtube.com *.stripe.com *.addthis.com; script-src 'self' assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' www.google-analytics.com *.stripe.com https://apis.google.com/ 'unsafe-eval' maps.googleapis.com *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com https://cdnjs.cloudflare.com/ajax/libs/lamejs/1.2.0/lame.min.js; script-src-elem assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' www.google-analytics.com *.stripe.com https://apis.google.com/ 'unsafe-eval' maps.googleapis.com *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com play.vidyard.com; worker-src blob: 'self'; font-src 'self' data: assets.sutori.com fonts.gstatic.com https://client.crisp.chat; connect-src 'self' https://www.googleapis.com wss://www.sutori.com assets.sutori.com s3.amazonaws.com/assets.sutori.com www.google-analytics.com *.stripe.com api.amplitude.com wss://*.crisp.chat https://*.crisp.chat *.addthis.com https://syndication.twitter.com/settings https://*.wikipedia.org geo.query.yahoo.com *.flickr.com owcqxq3rnb.execute-api.us-east-1.amazonaws.com api.unsplash.com risk.clearbit.com blob:; img-src 'self' data: * maps.googleapis.com https://maps.gstatic.com/mapfiles/api-3/images/ https://csi.gstatic.com/ https://i.ytimg.com *.addthis.com *.pinterest.com *.iubenda.com; style-src 'self' assets.sutori.com platform.twitter.com 'unsafe-inline' *.googleapis.com https://client.crisp.chat *.iubenda.com cdn.thinglink.me https://ton.twimg.com cdn.headwayapp.co; media-src 'self' assets.sutori.com https://client.crisp.chat blob:; child-src 'self' * https://www.sutori.com *.stripe.com https://accounts.google.com/o/oauth2/postmessageRelay https://accounts.google.com/o/oauth2/iframe https://www.google.com/ https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ *.addthis.com *.pinterest.com blob:; manifest-src assets.sutori.com; 2
font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.facebook.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.cloudfront.net *.baen.com *.twitter.com *.twimg.com store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.twitter.com *.fontawesome.com *.facebook.net *.authorize.net js.authorize.net jstest.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.twitter.com *.twimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.authorize.net *.google-analytics.com *.doubleclick.net js.authorize.net jstest.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2
frame-ancestors http://*.infomart.co.jp https://*.infomart.co.jp http://infomart.co.jp https://infomart.co.jp http://www.foods-ch.com https://www.foods-ch.com http://foods-ch.com https://foods-ch.com *.medicalinfomart.com *.beautyinfomart.com; report-uri https://es.infomart.co.jp/csp-report; 2
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net 	 https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 2
font-src fonts.googleapis.com fonts.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.scottsdaleaz.gov https://*.livehelpnow.net https://*.addthis.com https://*.addthisedge.com https://*.workflowcloud.com https://*.cognitoforms.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://*.google.com https://edge.addthis.com https://cdn.jsdelivr.net https://www.truejob.com https://secure.leadforensics.com https://*.zoomprospector.com https://*.sizeup.com https://siteimproveanalytics.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://*.recollect.net https://assets.us.recollect.net https://translate.google.com https://www.youtube-nocookie.com https://www.youtube.com https://cdn.polyfill.io https://z.moatads.com https://stckjs.stackify.com https://oss.maxcdn.com https://code.jquery.com https://my.nicheacademy.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://*.arcgis.com https://www.instagram.com https://cdn.syndication.twimg.com https://widget.surveymonkey.com http://scottsdale.granicus.com; script-src-elem 'self' 'unsafe-inline' https://api.recollect.net https://api-public.addthis.com https://assets.us.recollect.net https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://js.arcgis.com https://secure.leadforensics.com https://*.addthis.com https://v1.addthisedge.com https://oss.maxcdn.com https://s7.addthis.com https://siteimproveanalytics.com https://stackpath.bootstrapcdn.com https://*.cognitoforms.com https://stckjs.stackify.com https://*.google.com https://*.googleapis.com https://widget.surveymonkey.com https://*.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://thunderstone.scottsdaleaz.gov https://*.livehelpnow.net https://cdn.polyfill.io https://*.scottsdaleaz.gov https://cdnjs.cloudflare.com https://my.nicheacademy.com https://oss.maxcdn.com https://siteimproveanalytics.com https://z.moatads.com/ https://www.truejob.com; style-src 'self' 'unsafe-inline' https://*.scottsdaleaz.gov https://*.livehelpnow.net https://maxcdn.bootstrapcdn.com https://*.nicheacademy.com https://cdnjs.cloudflare.com https://*.google.com https://*.twimg.com https://*.ctctcdn.com https://*.arcgis.com https://recollect.a.ssl.fastly.net https://www.cognitoforms.com https://platform.twitter.com https://fonts.googleapis.com https://translate.googleapis.com https://system/css/ip-backend.css; style-src-elem 'self' 'unsafe-inline' https://www.google.com https://*.googleapis.com https://*.nicheacademy.com https://cdnjs.cloudflare.com https://developer.livehelpnow.net https://js.arcgis.com https://maxcdn.bootstrapcdn.com https://recollect.a.ssl.fastly.net https://www.cognitoforms.com https://thunderstone.scottsdaleaz.gov; img-src 'self' data: https://*.scottsdaleaz.gov http://www.scottsdaleaz.gov https://*.scottsdalelibrary.org https://*.choosescottsdale.com https://www.google.ca https://s7.addthis.com https://www.google.co https://www.google.co.uk https://www.google.com.mx https://www.google.com https://*.ytimg.com https://www.paypalobjects.com https://prod.smassets.net https://*.cloudfront.net https://*.cognitoforms.com https://www.syndetics.com https://*.suiteonemedia.com https://*.livehelpnow.net https://*.arcgis.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.twimg.com https://platform.twitter.com https://www.gstatic.com https://8575.global.siteimproveanalytics.io https://recollect.a.ssl.fastly.net https://recollect-images.global.ssl.fastly.net https://api.recollect.net https://www.facebook.com http://img.youtube.com; font-src 'self' data: https://fonts.gstatic.com https://*.livehelpnow.net https://*.arcgis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.cognitoforms.com https://scottsdale.polarislibrary.com https://recollect.a.ssl.fastly.net https://recollect-images.global.ssl.fastly.net; connect-src 'self' https://*.scottsdaleaz.gov https://outlook.office365.com https://*.addthis.com https://*.livehelpnow.net https://*.arcgis.com https://*.googleapis.com https://*.ctctcdn.com https://www.google-analytics.com https://utility.arcgisonline.com https://campaign.constantcontact.com https://stats.g.doubleclick.net https://www.cognitoforms.com https://api.nicheacademy.com https://new229.com wss://app.livehelpnow.net; media-src 'self' data: https://developer.livehelpnow.net https://cdn.hiretual.com https://*.suiteonemedia.com; object-src 'self'; prefetch-src 'self'; child-src 'self' blob:; frame-src 'self' data: https://*.scottsdaleaz.gov https://*.google.com https://outlook.office365.com https://*.workflowcloud.com https://www.eventsquid.com https://azscottsdaleccrt1.suiteonemedia.com https://www.arcgis.com https://*.suiteonemedia.com https://*.nintex.io https://*.sizeup.com https://www.youtube.com https://www.youtube-nocookie.com https://api.recollect.net https://widget.spreaker.com https://scottsdale.granicus.com https://www.truejob.com https://*.zoomprospector.com https://iframe.c2er.org https://s7.addthis.com https://edge.addthis.com https://scottsdale.libnet.info https://www.surveymonkey.com https://www.facebook.net https://www.facebook.com https://*.twitter.com https://www.instagram.com https://cos-gis.maps.arcgis.com https://forms.office.com https://www.googletagmanager.com https://my.nicheacademy.com; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' https://*.twitter.com https://eservices.scottsdaleaz.gov https://scottsdale.polarislibrary.com https://www.paypal.com; report-uri https://eservicestest.scottsdaleaz.gov/reporturi/listener 2
report-uri https://cd36466f21f5db895967ac9cb87c0cb5.report-uri.com/r/d/csp/reportOnly; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://ad.doubleclick.net https://browser.sentry-cdn.com https://bs.serving-sys.com https://cdn.monsido.com https://connect.facebook.net https://googleads.g.doubleclick.net https://in.getclicky.com https://media.twiliocdn.com https://pagead2.googlesyndication.com https://s.ytimg.com https://sc-static.net https://script.hotjar.com https://snap.licdn.com https://static.getclicky.com https://static.hotjar.com https://www.google.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://www.youtube.com https://secure-ds.serving-sys.com https://bam-cell.nr-data.net https://maps.googleapis.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src * data:; font-src * data:; frame-ancestors self 2
default-src https: data: 'unsafe-inline' 'unsafe-eval';report-uri /wsapi/rest/v1/logging/reportcspviolation; 2
default-src self https: data: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; report-uri https://fa920c4c3c2352efe32641b67b2f3fbe.report-uri.com/r/d/csp/reportOnly 2
block-all-mixed-content; frame-ancestors 'self'; report-uri https://vault.gostatera.com/collect/csp; 2
report-uri /api/csp-report/ 2
default-src 'self' https://*.wistia.com https://*.wistia.net https://*.hsforms.net https://*.hsforms.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'report-sample' https://*.wistia.com https://*.wistia.net https://1r4z5a9gfu1acm33245gbc10-wpengine.netdna-ssl.com  https://embedwistia-a.akamaihd.net/ https://bat.bing.com https://cdn.mxpnl.com https://cdnjs.cloudflare.com/ajax/libs/ https://connect.facebook.net/en_US/ https://d.adroll.com https://d.adroll.mgr.consensu.org/consent/ https://fast.wistia.com https://forms.hsforms.com https://googleads.g.doubleclick.net/ https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsforms.net https://js.hsleadflows.net https://js.usemessages.com https://maxcdn.bootstrapcdn.com https://s.adroll.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com/c/ https://static.manula.com/js/ https://t.trackedlink.net https://unpkg.com/@lottiefiles/ https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' 'report-sample' https://*.wistia.com https://*.wistia.net https://1r4z5a9gfu1acm33245gbc10-wpengine.netdna-ssl.com https://cdn.manula.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://static.manula.com; img-src 'self' data: https://*.wistia.com https://*.wistia.net https://1r4z5a9gfu1acm33245gbc10-wpengine.netdna-ssl.com https://bat.bing.com https://cdn.manula.com https://dify.wpengine.com https://embedwistia-a.akamaihd.net https://googleads.g.doubleclick.net https://manula.r.sizr.io https://manula.s3.amazonaws.com https://px.ads.linkedin.com https://secure.gravatar.com https://static.manula.com https://track.hubspot.com https://tracking.g2crowd.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://dc.ads.linkedin.com; connect-src 'self' https://*.wistia.com https://1r4z5a9gfu1acm33245gbc10-wpengine.netdna-ssl.com https://bat.bing.com https://*.hsforms.net https://*.hsforms.com https://forms.hubspot.com/  https://embedwistia-a.akamaihd.net/ https://api.hubspot.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/prod/ https://js.hs-banner.com/cookie-banner/ https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://1r4z5a9gfu1acm33245gbc10-wpengine.netdna-ssl.com https://fonts.gstatic.com https://www.condecosoftware.com https://script.hotjar.com/; media-src 'self' data: blob: https://1r4z5a9gfu1acm33245gbc10-wpengine.netdna-ssl.com https://www.condecosoftware.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://embedwistia-a.akamaihd.net/; child-src blob:;  form-action 'self'  https://forms.hsforms.com;  frame-ancestors 'self' https://vars.hotjar.com; object-src 'none'; frame-src 'self' https://app.hubspot.com https://vars.hotjar.com https://www.youtube.com https://youtube.com https://forms.hsforms.com https://*.wistia.net/ https://*.wistia.com/; worker-src 'self' blob:; base-uri 'self'; 2
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; frame-ancestors *.calypso.net.au *.flightcentre.com.au; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 2
font-src fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net player.vimeo.com www.googletagmanager.com data: youtube.com www.youtube.com vimeo.com google.com www.google.com www.gstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com www.google.com www.google.ca maps.gstatic.com www.maps.gstatic.com maps.googleapis.com developers.google.com play.google.com linkmaker.itunes.apple.com ssl.gstatic.com img.riskified.com www.w3.org 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.youtube.com jquery.sellxed.com data: js-agent.newrelic.com maps.googleapis.com google.com www.google.com www.gstatic.com bam.nr-data.net bam-cell.nr-data.net tagmanager.google.com beacon.riskified.com www.beanstream.com web.na.bambora.com c.riskified.com dpm.demdex.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com tagmanager.google.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net bam.nr-data.net bam-cell.nr-data.net c.riskified.com stats.g.doubleclick.net www.google-analytics.com web.na.bambora.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com store.paradoxlabs.com maps.gstatic.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.avada.io *.authorize.net maps.googleapis.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.authorize.net *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/edu_google 2
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 2
default-src 'self' blob:; child-src: 'self' blob:; script-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net cdn.cookielaw.org assets.adobedtm.com players.brightcove.net img.en25.com vjs.zencdn.net www.automation.siemens.com w3.siemens.com profiles.siemens.com; style-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net profiles.siemens.com; img-src 'self' data: assets.new.siemens.com maps.siemens.com metrics.brightcove.com brightcove04pmdo-a.akamaihd.net cf-images.eu-west-1.prod.boltdns.net cf-images.us-east-1.prod.boltdns.net siemens.sc.omtrdc.net track.adform.net s2033604275.t.eloqua.com cdn.cookielaw.org cookies.siemens.com; font-src 'self' data: tools.adlytics.net; connect-src 'self' search.new.siemens.com w3.siemens.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net *.demdex.net tools.adlytics.net cdn.cookielaw.org dmp.adform.net metrics.brightcove.com edge.api.brightcove.com secure.brightcove.com *.media.brightcove.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.fortbildung.siemens.com profiles.siemens.com searchapi.new.siemens.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; media-src 'self' assets.new.siemens.com secure.brightcove.com *.media.brightcove.com blob: manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com; worker-src 'self' 'unsafe-inline' blob:; object-src players.brightcove.net; block-all-mixed-content; reflected-xss block; base-uri 'self'; referrer origin-when-cross-origin; report-uri https://report-uri.dc.siemens-energy.com/ 2
: default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.ipay88.com.my *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.botframework.com *.livechatinc.com *.tiqcdn.com *.doubleclick.net *.in.freshchat.com *.freshchat.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.sandbox.paypal.com *.paypal.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.ytimg.com *.magentocommerce.com *.gstatic.com *.googleapis.com/ *.google.com *.google.com.my *.in.freshchat.com *.freshchat.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.jquery.com *.google.com *.gstatic.com *.sandbox.paypal.com *.paypal.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.youtube.com *.ytimg.com *.authorize.net *.cardinalcommerce.com *.magentocommerce.com *.newrelic.com *.facebook.com *.facebook.net *.g.doubleclick.net/ *.code.jquery.com *.googletagmanager.com *.botframework.com *.nr-data.net *.googleapis.com *.livechatinc.com *.mookie1.com *.tiqcdn.com *.in.freshchat.com *.freshchat.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com/ *.in.freshchat.com *.freshchat.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.botframework.com wss://directline.botframework.com https://directline.botframework.com/v3/directline/conversations *.google-analytics.com *.g.doubleclick.net/ *.nr-data.net *.livechatinc.com *.in.freshchat.com *.freshchat.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' *.gstatic.com *.google.com *.google.co.uk *.youtube.com *.google-analytics.com *.bazaarvoice.com *.openstreetmap.org *.iesnare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.youtube.com *.google.com *.gstatic.com *.cloudflare.com *.bugherd.com bat.bing.com *.bazaarvoice.com *.facebook.net *.googleapis.com *.g.doubleclick.net *.ads-twitter.com *.googleadservices.com *.twitter.com cambridgeaudio.us8.list-manage.com js.braintreegateway.com script.hotjar.com static.hotjar.com *.payments-amazon.com vc.hotjar.io songbirdstag.cardinalcommerce.com *.paypal.com twitter.com *.bazaarvoice.com *.newrelic.com *.cloudflareinsights.com *.cloudfront.net *.nr-data.net *.atlassian.net *.cardinalcommerce.com *.google.se *.google.nl *.google.ca chimpstatic.com *.openstreetmap.org *.paypalobjects.com *.iesnare.com; object-src 'self' 'unsafe-inline' *.bazaarvoice.com *.iesnare.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.bazaarvoice.com *.cloudfront.net sheet *.braintreegateway.com *.openstreetmap.org *.braintreegateway.com *.iesnare.com; img-src *; frame-src *.vimeo.com *.facebook.com *.youtube.com *.youtube-nocookie.com vars.hotjar.com *.braintreegateway.com *.cardinalcommerce.com *.paypal.com *.kaptcha.com *.bazaarvoice.com *.amazon-adsystem.com *.cloudfront.net *.atlassian.net *.go2jump.org *.payments-amazon.com *.amazon.co.uk *.amazon.com *.cambridgeaudio.com *.doubleclick.net *.googletagmanager.com *.openstreetmap.org *.spotify.com *.iesnare.com; font-src 'self' *.gstatic.com data: *.bazaarvoice.com *.bugherd.com *.cloudfront.net *.openstreetmap.org *.iesnare.com; connect-src 'self' *.g.doubleclick.net *.google.com *.google-analytics.com bat.bing.com *.facebook.com sockjs.pusher.com in.hotjar.com *.amazon.com *.amazon.co.uk vc.hotjar.io *.braintree-api.com *.braintree-gateway.com *.cardinalcommerce.com *.amazonaws.com *.bazaarvoice.com *.bugsnag.com *.pusher.com *.nr-data.net *.braintreegateway.com *.paypal.com  *.nr-data.net *.hotjar.com wss://* *.openstreetmap.org *.braintreegateway.com *.paypal.com *.iesnare.com; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epix.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epix.com/ https://api.mixpanel.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://www.gstatic.com/ https://connect.facebook.net/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://src.litix.io/ https://cdnjs.cloudflare.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://*.krxd.net/ https://*.doubleclick.net/ https://www.redditstatic.com/ https://alb.reddit.com/ ; connect-src https://*.epix.com/ https://api.mixpanel.com/ https://sentry.io/ https://*.akamaihd.net/ https://www.facebook.com/ https://1pecbqtlcsq1ilmoio8v0jt7q.litix.io/ https://in.hotjar.com/ https://vc.hotjar.io/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ ; img-src 'self' https://*.epix.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.ae/ https://www.google.com.ar/ https://www.google.com.co/ https://www.google.ro/ https://sync.search.spotxchange.com/ https://pixel.rubiconproject.com/ https://us-u.openx.net/ https://simage2.pubmatic.com/ https://dpm.demdex.net/ https://t.co/ https://www.facebook.com/ https://rtd-tm.everesttech.net https://dsum-sec.casalemedia.com https://sync-tm.everesttech.net/ https://cm.g.doubleclick.net/ ib.adnxs.com https://jslog.krxd.net/ https://beacon.krxd.net https://www.redditstatic.com/ https://alb.reddit.com/ ; style-src 'self' 'unsafe-inline' ; frame-src 'self' https://vars.hotjar.com/ https://*.doubleclick.net/ https://*.krxd.net/ ; media-src blob: https://epixwebapp-vh.akamaihd.net/ ; worker-src blob: ; report-uri https://sentry.io/api/170149/security/?sentry_key=94662fb71ba340bd91fb23bbfb099024&sentry_environment=prod-visa 2
default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2
font-src *.fontawesome.com 'self' *.gstatic.com 'self' data: api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://store.plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com account.fetchify.com https://www.google.com/ https://www.youtube.com https://www.googletagmanager.com/ https://www.facebook.com https://www.e-shop-direct.com https://handel.ortlieb.com/ https://store.plumrocket.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.facebook.com https://www.magezon.com https://med-euw3c.squarelovin.com/ https://www.google.*/ads/ https://www.facebook.com https://cdn.ywxi.net https://maps.googleapis.com https://maps.gstatic.com https://www.e-shop-direct.com https://www.google-analytics.com https://www.google.com https://www.google.de 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googletagmanager.com *.facebook.net *.google.com 'report-sample' https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://*.cookiefirst.com/ https://chimpstatic.com/ https://squarelovin.com/squarelovin.js https://squarelovin.com/api/index/get-stream-media/ https://connect.facebook.net/signals/config/995641483818596 https://consent.cookiefirst.com/banner.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ecommerce.js https://cdn.klarna.com/1.0/code/client/all.js https://maps.googleapis.com/maps/api/js https://www.e-shop-direct.com/libs/js/jquery-3.1.1.min.js https://unpkg.com/web-vitals@0.2.2/dist/web-vitals.es5.umd.min.js *.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com *.fontawesome.com 'report-sample' https://*.cookiefirst.com/ https://*.squarelovin.com/squarelovin.css https://med-cf-1.squarelovin.com https://www.e-shop-direct.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'none' 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.google-analytics.com https://static.cookiefirst.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/tr/ api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.typekit.net *.trustedshops.com *.gstatic.com *.bootstrapcdn.com https://display.ugc.bazaarvoice.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.paypal.com https://www.facebook.com/tr/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://w.soundcloud.com https://www.youtube.com https://www.google.com *.paypal.com https://vars.hotjar.com https://amc.demdex.net/ https://www.facebook.com/ *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu *.googleapis.com https://www.google.com/ *.gstatic.com http://amcglobal.sc.omtrdc.net/ https://facebook.com/  https://cm.everesttech.net/ https://dpm.demdex.net/ https://www.facebook.com/ https://connect.facebook.net/ *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeocdn.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.trustedshops.com *.usercentrics.eu https://chimpstatic.com *.zdassets.com *.googleapis.com https://www.google.com https://www.gstatic.com https://geoip.nekudo.com *.newrelic.com *.nr-data.net https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://connect.facebook.net/ https://widget-mediator.zopim.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.bazaarvoice.com *.googleapis.com *.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.paypal.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com https://widget-mediator.zopim.com *.nr-data.net https://in.hotjar.com http://amcglobal.sc.omtrdc.net/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://dpm.demdex.net/ https://www.facebook.com/ https://vc.hotjar.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.wistia.com *.wistia.net *.listenloop.com *.company-target.com *.google-analytics.com *.doubleclick.net *.driftt.com *.driftqa.com *.pingdom.net *.swiftypecdn.com *.swiftype.com *.abtasty.com *.cookielaw.org *.hotjar.com *.hotjar.io *.nr-data.net *.marketo.com *.twitter.com *.soundcloud.com *.youtube.com *.akamaihd.net; font-src * data:; img-src * data:; media-src * blob:; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.twitter.com *.ads-twitter.com *.licdn.com *.engagio.com *.listenloop.com *.demandbase.com *.driftt.com *.facebook.net *.adroll.com *.adroll.mgr.consensu.org *.newrelic.com *.hotjar.com googleads.g.doubleclick.net https://dn1f1hmdujj40.cloudfront.net *.swiftypecdn.com geoip-js.com *.pingdom.net *.abtasty.com *.cookielaw.org *.nr-data.net *.marketo.com *.marketo.net *.twimg.com *.jquery.com *.onetrust.com *.maxmind.com s3.amazonaws.com *.bugsnag.com *.wistia.net www.forgerock.com http://www.forgerock.com blob: chosen.jquery.js https://fast.wistia.com https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' *.forgerock.com *.googleapis.com *.cloudflare.com *.swiftypecdn.com *.driftt.com *.marketo.com *.wistia.com *.wistia.net *.twitter.com *.twimg.com chosen.css; report-uri https://forgerock.report-uri.com/r/d/csp/wizard 2
frame-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://player.vimeo.com https://www.ukraine.com.ua https://adm.tools https://apis.google.com https://accounts.google.com https://www.google.com https://hosting.xyz https://www.hosting.xyz; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'report-sample'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com;  default-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data: https://www.facebook.com https://m.facebook.com https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.com.ua https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net blob: 'self' https://twemoji.maxcdn.com; ; connect-src wss://pubsub.adm.tools wss://adm.tools https://auth.adm.tools https://adm.tools https://portal.adm.tools https://www.ukraine.com.ua https://cdn.ukraine.com.ua:* wss://cdn.ukraine.com.ua:* https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.adm.tools http://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://www.facebook.com https://www.facebook.com https://hosting.xyz https://www.hosting.xyz; report-uri https://sentry.adm.tools/api/4/security/?sentry_key=cd4a73d9e9a3475187c201c24a2c4576 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.googleadservices.com *.bing.com *.googleapis.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.zopim.com *.bizographics.com *.toutapp.com *.newrelic.com *.linkedin.com *.nr-data.net *.hubspot.com 'unsafe-eval' unpkg.com/feather-icons *.hs-scripts.com *.visualwebsiteoptimizer.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.js.usemessages.com *.bootstrapcdn.com *.doubleclick.net *.albacross.com js.usemessages.com/conversations-embed.js js.hsforms.net/forms/v2.js; object-src *; style-src 'self' 'unsafe-inline' *.googleapis.com ; img-src *; media-src *; frame-src 'self' *.hubspot.com *.doubleclick.net; child-src 'self'; font-src 'self' 'unsafe-inline' *.gstatic.com data: wss:; connect-src 'self' *.hubspot.com *.hubapi.com; report-uri /report-csp-violation 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' ikea.com *.ikea.com ikea.net *.ikea.net ingka.com *.ingka.com cdtapps.com *.cdtapps.com us-central1-ingka-ime-dmp-prod.cloudfunctions.net 8iire7wxfe.execute-api.eu-west-1.amazonaws.com cookielaw.org *.cookielaw.org onetrust.com *.onetrust.com akamaihd.net *.akamaihd.net akstat.io *.akstat.io appdynamics.com *.appdynamics.com eum-appdynamics.com *.eum-appdynamics.com contentsquare.net *.contentsquare.net go-mpulse.net *.go-mpulse.net optimizely.com *.optimizely.com sentry.io *.sentry.io techlab-cdn.com *.techlab-cdn.com google.com *.google.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com youtube-nocookie.com *.youtube-nocookie.com oppwa.com *.oppwa.com iesnare.com *.iesnare.com recaptcha.net *.recaptcha.net api.addressy.com ingka.dev *.ingka.dev taskrabbit.com *.taskrabbit.com pro.ip-api.com api.everythinglocation.com adform.net *.adform.net adnxs.com *.adnxs.com adsrvr.org *.adsrvr.org *.seoab.io bing.com *.bing.com doubleclick.net *.doubleclick.net facebook.com *.facebook.com facebook.net *.facebook.net googleadservices.com *.googleadservices.com tpc.googlesyndication.com jivox.com *.jivox.com krxd.net *.krxd.net cdn.pdst.fm us-central1-adaptive-growth.cloudfunctions.net pinterest.com *.pinterest.com pinimg.com *.pinimg.com seoab.io *.seoab.io snapchat.com *.snapchat.com sc-static.net survicate.com *.survicate.com yimg.com *.yimg.com data: blob:; img-src * blob: data:; frame-src *; report-uri https://reporting.go-mpulse.net/report/BY4BJ-VCVK6-JMEA5-T2M38-5FM5W 2
default-src 'self' https:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com embed.typeform.com js.driftt.com *.consensu.org connect.facebook.net script.crazyegg.com chimpstatic.com platform.twitter.com www.googletagmanager.com *.siteblimp.com cdn.amplitude.com a.omappapi.com; font-src 'self' fonts.gstatic.com; worker-src blob: 2
default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://reports.hrmdirect.com https://*.etcconnect.com;style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://reports.hrmdirect.com https://www.highend.com https://fonts.googleapis.com https://*.etcconnect.com;object-src 'none';img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://*.etcconnect.com;report-uri /Handlers/CspReports.ashx?type=REPORTONLY; 2
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.youtube.com *.cookiebot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.gstatic.com *.google.com *.usercentrics.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.newrelic.com *.nr-data.net *.googleapis.com *.addtoany.com *.zdassets.com *.facebook.com *.cookiebot.com *.pinterest.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.nr-data.net *.zendesk.com *.zopim.com *.zdassets.com wss://widget-mediator.zopim.com *.doubleclick.net www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: data: 'unsafe-inline'; report-uri https://3j40yr1pel.execute-api.us-east-1.amazonaws.com/prod/report-only 2
default-src  https: http:            data:               wss://*.forter.com           'unsafe-inline' 'unsafe-eval';        connect-src  https: http:            wss://*.forter.com;        frame-ancestors 'self'            https: http:           *.czs.org             172.21.2.30            www.chasepaymentechhostedpay.com       object-src  'self';       img-src   'unsafe-eval' 'unsafe-inline'            data:           blob:           *;       font-src  'self'           data: https: http:           *.typekit.net;       script-src  'unsafe-eval' 'unsafe-inline'            blob:           data:           https: http:           'self'              emarketing.activenetwork.com             d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com              d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com              d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com               kpstat.forter.com:7043               www.google.com              maps.google.com              maps.googleapis.com               ssl.google-analytics.com               www.google-analytics.com               www.gstatic.com                embed.idonate.com               use.typekit.net                               cdn-js.net                cdnjs.cloudflare.com             d35u1vg1q28b3w.cloudfront.net             partners.cmptch.com               static.cmptch.com                         scriptcdn.net                             auctioneer.50million.club                 m.addthis.com                s7.addthis.com                 m.addthisedge.com             lkysearchex3688-a.akamaihd.net                analyticspage.tools                apiurl.org                appsource.cool                countmake.cool                fp166.digitaloptout.com                eluxer.net                mirextpro.com                 z.moatads.com               secure.myshopcouponmac.com                payperclickadz.com               cdn.pmqzads.com                qdatasales.com            widget-prime.rafflecopter.com                srvvtrk.com               pwm-image.trendmicro.com              gateway.zscloud.net;       style-src  'unsafe-eval' 'unsafe-inline'            'self'                accessibility-bookmarklets.org                 emarketing.activenetwork.com                      cdnjs.cloudflare.com               use.fontawesome.com                fonts.googleapis.com                hello.myfonts.net               pwm-image.trendmicro.com;       report-uri   https://bzcsp.report-uri.com/r/d/csp/reportOnly 2
child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self' *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net; img-src 'self' amplifypixel.outbrain.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net pingclock.net graph.facebook.com data:; script-src-elem 'self' 'unsafe-inline' *.pci.favor.dev *.favorengineering.com *.pci-np.favor.dev *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com www.google.com web.btncdn.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io; script-src 'self' 'unsafe-eval' *.favorengineering.com *.pci.favor.dev *.pci-np.favor.dev cdn.siftscience.com js.stripe.com maps.googleapis.com www.google.com web.btncdn.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com fonts.googleapis.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com *.pci-np.favor.dev bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/wizard 2
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.mtnfeed.com bat.bing.com www.facebook.com dpm.demdex.net summer.mtnfeed.com www.google.co.id www.google-analytics.com px0.pbbl.co *.doubleclick.net script.hotjar.com www.pages08.net *.yahoo.com cams.mtnfeed.com bam-cell.nr-data.net cm.everesttech.net cams.winterparkresort.com idsync.rlcdn.com www.google.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net player.vimeo.com www.youtube.com match.adsrvr.org vars.hotjar.com www.facebook.com alterra.demdex.net cdn.pbbl.co insight.adsrvr.org camstreamer.com api.trustyou.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: p.typekit.net summer.mtnfeed.com cookies.alterramtnco.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com script.hotjar.com use.typekit.net summer.mtnfeed.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net *.omtrdc.net www.google.com api.letsway.com www.google-analytics.com in.hotjar.com api.mapbox.com dpm.demdex.net rum-collector-2.pingdom.net s.yimg.com bat.bing.com adservice.google.com www.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.pbbl.co *.omtrdc.net bam-cell.nr-data.net bat.bing.com player.vimeo.com www.sc.pages08.net summer.mtnfeed.com s.yimg.com cdn.fuelx.com js-agent.newrelic.com www.google-analytics.com tag.yieldoptimizer.com www.googletagmanager.com rum-static.pingdom.net js.adsrvr.org www.google.com www.googleadservices.com script.hotjar.com *.doubleclick.net connect.facebook.net static.hotjar.com cookies.alterramtnco.com; form-action  www.google.com www.facebook.com book.winterparkresort.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 2
frame-ancestors 'none'; base-uri 'none'; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://api-adresse.data.gouv.fr https://grenoblealpesmetropole.matomo.cloud; img-src https: data:; frame-src https:; form-action 'self' https://harpe.grenoble.fr; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /include/csp.php 2
worker-src blob: www.toolnut.com data: www.festoolproducts.com; font-src fonts.gstatic.com data: maxcdn.bootstrapcdn.com cdn.honey.io cdn.ivaws.com www.slant.co chrome-extension: static3.avast.com github.com *.affirm.com fonts.googleapis.com www.clearplay.com fast.fonts.net use.fontawesome.com ms-browser-extension: at.alicdn.com d3s8xk3etjyeyz.cloudfront.net themes.googleusercontent.com cdn.joinhoney.com cdn.getspeechify.com static2.sharepointonline.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com cdn.rossintelligence.com api.couponmate.com assets.quadpay.com netdna.bootstrapcdn.com cdnjs.cloudflare.com sapling.ai cdn-assets.affirm.com cdn.scite.ai 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com 10.40.0.3 www.toolnut.com session.socialware.com apps.stifel.com festoolusa.com www.festoolusa.com www.paypal.com bpb.opendns.com 199.46.251.173 172.18.0.14 co-cwsa06p.phsi.primehealthcare.com 7rl70013.ibosscloud.com www.block.si localhost 199.46.251.175 upload.facebook.com 31.13.93.35 mobile.netsparkmobile.com 10.249.32.23 google.com 172.26.82.54 10.27.40.72 10.34.243.132 rm40996.ibosscloud.com usncchfw.cqb.chiknet.com lsrelay-config-production.s3.amazonaws.com 10.249.35.55 199.46.249.164 lsrocket.wssd.org 159.83.110.199 7rx80265.ibosscloud.com lrcicf03 useast2-www.securly.com 31.13.66.35 157.240.18.35 'self' 'unsafe-inline'; frame-ancestors www.toolnut.com www.festoolproducts.com 'self' 'unsafe-inline'; frame-src https://*.online-metrix.net https://imgs.signifyd.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.google.com/ *.youtube.com www.google.com www.facebook.com static.olark.com *.affirm.com t.pepperjamnetwork.com bid.g.doubleclick.net ssl.kaptcha.com www.googletagmanager.com nojscontainer.pepperjam.com pwm-image.trendmicro.com tpc.googlesyndication.com mozbar.moz.com app.viralsweep.com iamccepasv501.faa.gov accounts.google.com 10.40.0.3 cdncache-a.akamaihd.net block.opendns.com auth.iws-hybrid.trendmicro.com session.socialware.com apps.stifel.com player.vimeo.com 199.46.250.165 s.cmptch.com div.show gateway.zscloud.net mccproxy1.ad.menasha.com gateway.zscalertwo.net hobfpproxy02.nashville.org gateway.zscaler.net skytraf.xyz www.dideo.ir www.securly.com iamccepasv500.faa.gov r.srvtrck.com cdn.exchmapdata.com acestream.me 5c07e5a4a3e132a1094bfd556de2e017sync.pacrpc.uswest3.v1api.securly.com gateway.zscalerthree.net pitc.nube.53.com saltcdn2.googleapis.com bpb.opendns.com lsrelay-config-production.s3.amazonaws.com useast-www.securly.com 10.20.30.22 userprotect.us.stihl-dns.net cltfwdproxyf501 safe.menlosecurity.com d31b6i309j1ui2.cloudfront.net d3s8xk3etjyeyz.cloudfront.net 199.46.251.173 iactcepasv501.faa.gov blocked.ppg.com filter.techloq.com xen-media.com login.zscalertwo.net 10.67.167.71 purplestats.com partners.cmptch.com hns1362x zswpmanager.wip.mmc.com 7rl70013.ibosscloud.com www.zola.com www.block.si data: localhost 199.46.251.175 noop.style 199.46.251.164 upload.facebook.com 127.0.0.1 ls-policyvm-1-s.k12.wv.us 199.46.251.168 rest.exchmapdata.com 10.77.167.71 fiendgamers.com 199.46.249.170 notify.bluecoat.com 10.20.30.28 199.46.251.171 login.zscloud.net useast2-www.securly.com accessdenied.pnc.com mobile.netsparkmobile.com api.exchpackdata.com 10.249.32.23 199.46.249.171 ckr01.lpsb.org welcometocgw.fr.eu.airbus.corp login.microsoftonline.com ckr01.msdlt.k12.in.us 172.217.2.238 ssl-proxy-login.blackspider.com google.com 10.255.11.250 153.11.216.221 153.11.216.220 199.46.250.160 153.11.216.225 153.11.216.224 saltcdn2.facebook.com isbcpxsppr01.na.mmfg.net 153.11.216.223 10.34.243.132 rm40996.ibosscloud.com adcfwdproxyf503 adcfwdproxyf504 153.11.216.222 usncchfw.cqb.chiknet.com ff3bed1d158489e6cc0821e629cf0062sync.pacrpc.uswest2.v1api.securly.com cltfwdproxyf504 adfs.micron.com 10.10.1.120 ad000-ws002-wcg.dtc.local iprism.sffc.acres.com lsrocket.wssd.org 172.16.206.15 access.bcferries.com ckr01.rsdmo.org 199.46.251.169 www.myregistry.com 159.83.110.199 iactcepasv500.faa.gov ok.ru login.zscalerthree.net cdn.exchgmdata.com 7rx80265.ibosscloud.com cdn.exchmeddata.com www.staffmark.com login2.cpsserv.com 31.13.66.35 199.46.250.166 vk.com remove.video www.clipix.com veronline.me floatingplayer.com utp.ucweb.com saltcdn2.twitter.com saltcdn2.www.instagram.com sso.johndeere.com adcfwdproxyf501 10.4.200.211 blipznchitzcom-a.akamaihd.net 199.46.250.164 157.240.18.35 cdn.walkme.com api.exchprotdata.com chrome-error: object.center tool-bcg.bwe.io thetoolnut.sjv.io 167.150.254.140 www.milwaukeetool.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://a.klaviyo.com https://www.magezon.com www.xtento.com cdn.xtento.com mediacdn.espssl.com cds.taboola.com www.facebook.com log.olark.com bat.bing.com www.google.com p.adsymptotic.com px.ads.linkedin.com www.linkedin.com s1.listrakbi.com www.google-analytics.com fp.listrakbi.com sca1.listrakbi.com www.google.com.ar data: media.toolnut.com www.google.ca www.googletagmanager.com csi.gstatic.com trc.taboola.com www.gstatic.com www.google.co.ug www.google.co.uk www.google.de www.toolnut.com i.ytimg.com www.bizrate.com googleads.g.doubleclick.net *.affirm.com www.google.co.in rd.connexity.net www.google.co.zw www.google.it bam.nr-data.net cdn.ivaws.com blob: www.google.co.jp gateway.zscloud.net www.google.fr www.google.com.ph eventping-a.akamaihd.net images.wikibuy.com www.google.ae www.google.by www.google.com.ua cdn.exchmapdata.com cilkonlay.com dozi-staging.zoominfo.com accounts.google.com translate.google.com hardyload.com mitarchive.info www.google.com.pe petercontry.net static.slickdealscdn.com ssl.google-analytics.com polinaryapp.com www.google.com.sg www.google.nl qalitygigant.com canvaspl-a.akamaihd.net www.google.co.za www.google.sk cdn.honey.io brounelink.com www.google.az www.google.com.bo www.google.fi www.tailwindapp.com www.google.jo partners.cmptch.com cdn.exchgmdata.com www.google.com.ng *.youtube.com www.google.com.mx s.cmptch.com tribedone.org store.paradoxlabs.com www.google.ie www.stabila.com translate.googleapis.com www.google.cz www.milwaukeetool.com connect.facebook.net www.google.co.vi img.shop.com www.google.be stats.g.doubleclick.net cosmeticsrc.com d2z2x9m6jf98op.cloudfront.net www.google.is www.google.com.au www.google.com.qa rest.exchmapdata.com 52.22.54.6 mc.yandex.ru autroliner.com www.google.ch www.google.at www.google.com.pr www.google.ru ciclonrox.com www.google.com.br www.google.gr log-papago.naver.com bitc-proxy-p06-mgmt www.google.com.tw www.wihatools.com a5.behance.net www.google.com.sa www.google.ro www.google.com.co www.google.iq www.dewalt.com gateway.zscalertwo.net www.google.com.ec www.google.co.ao 52.206.25.151 s2.listrakbi.com android-webview-video-poster: www.google.com.pk jaretsummer.com m.media-amazon.com blinkjork.com mstat.acestream.net www.google.co.kr bpb.opendns.com tracksmall.com toolsmagick.com loungesrc.net dogsamily.net www.google.com.af log.pinterest.com dakotaram.com craftprimes.com www.google.co.id www.google.pl smackbolt.com www.google.com.hk www.magentocommerce.com www.google.com.pa www.festoolproducts.com www.google.es hm.baidu.com 7rl70013.ibosscloud.com www.mageworx.com srdrvp.com pagead2.googlesyndication.com clt-v20k3-c.bbtnet.com www.google.se cermak-fpgin03p.honi.com trableflick.com nickletto.com fp1104.digitaloptout.com api.exchqzdata.com cdn.exchqzdata.com yastatic.net dimagesrc.com 31.13.93.35 hovastate.s3.amazonaws.com 10.248.8.49 www.google.com.tr singtraff.cool localhost gateway.zscaler.net play-lh.googleusercontent.com media.pepperjamnetwork.com proghage.com acountscr.cool mikkiload.com www.google.co.uz poligloteapp.org gfh-bcasg01-aggr www.google.bg canvasdp-a.akamaihd.net usvc-a.akamaihd.net s.pmddby.com static.gecirtnotification.com duckduckgo.com www.google.co.cr 52.86.201.79 fonts.gstatic.com cdn.makitatools.com nextextlink.com s3.amazonaws.com assets.syndigo.com saltjs.failplugin.ru www.google.gy cdn.joinhoney.com www.google.hu debugsinfo.com mirextpro.com saltjs.rkfnrkjfnrkfnkjh.xyz closiner.com m.facebook.com icelandsue.com www.securly.com extendcoreapiprodextendc-storelogosbucket03b65aac-1hzxdqraz84hj.s3.amazonaws.com bam-cell.nr-data.net clickmarketus.com cdn.exchpackdata.com www.google.co.il www.google.com.gt www.google.ge gateway.zscalerone.net accounts.unifiedcloudit.com www.google.cn redir.pricespider.com promlinkdev.com az.nmgplatform.com ssl.gstatic.com roxlock.com scrprime.com minisrclink.cool www.google.hn www.google.rs cdn.gethypervisual.com clicksapp.net www.google.com.my img.uflowx.com appprint.biz www.google.tt zeb-v20k1-c.bbtnet.com blinkloide.com festoolcdn.azureedge.net www.google.com.eg www.google.com.do www.google.com.vn www.woodpeck.com www.ojrq.net helloextend-static-assets.s3.amazonaws.com boxclone.com www.google.co.nz logs-01.loggly.com veronamile.com www.google.cl mabydick.com 10.129.6.13 westtank.net gifcdn.com www.googleadservices.com v2assets.zopim.io 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://static.klaviyo.com https://fast.a.klaviyo.com *.google.com/ www.xtento.com cdn.xtento.com container.pepperjam.com apis.google.com cdn.listrakbi.com s1.listrakbi.com *.affirm.com www.googletagmanager.com www.google.com www.gstatic.com www.googleadservices.com www.clickcease.com static.olark.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net trc.taboola.com at1.listrakbi.com www.google-analytics.com js-agent.newrelic.com m1.listrakbi.com bam.nr-data.net api.olark.com cdn.taboola.com snap.licdn.com knrpc.olark.com ssl.kaptcha.com tpc.googlesyndication.com fillr.local app.viralsweep.com gateway.zscloud.net www.pagespeed-mod.com data: m59.prod2016.com cdncache-a.akamaihd.net static.sunnycoast.xyz qdatasales.com gateway.zscalertwo.net zuvofu.towaxubudo.com assets.olark.com cilkonlay.com siteprerender.com cache-check.net hardyload.com petercontry.net 3001.scriptcdn.net ssl.google-analytics.com polinaryapp.com qalitygigant.com m35.prod2016.com asrvvv-a.akamaihd.net protectsurf-a.akamaihd.net s.pmddby.com 10.18.6.54 rialto-gms.s3.amazonaws.com adr.mplore.com brounelink.com 172.18.54.216 tribedone.org translate.googleapis.com 10.246.7.22 10.18.6.92 10.95.4.165 ajax.googleapis.com abp.smartadcheck.de cosmeticsrc.com mstat.acestream.net pilaff-up.ru m98.prod2016.com autroliner.com ciclonrox.com localhost bitc-proxy-p06-mgmt saltcdn2.googleapis.com vuduxo.raxanixuru.com tcsls.tyrrell.k12.nc.us 10.10.4.162 s.yimg.com sp.analytics.yahoo.com mawisa.botateyime.com about: d31b6i309j1ui2.cloudfront.net siteblock.exeloncorp.com *.youtube.com searchprotectors.com jaretsummer.com nadenfpap02.cyracom.com www.glancecdn.net blinkjork.com bpb.opendns.com tracksmall.com toolsmagick.com ascend.pepperjam.com johamo.fexitafalu.com loungesrc.net translate.google.com dogsamily.net jamesbotscom-a.akamaihd.net s.cmptch.com dakotaram.com craftprimes.com crossydashcom-a.akamaihd.net partners.cmptch.com clicksapp.net files-js-ext.s3.us-east-2.amazonaws.com smackbolt.com 7rl70013.ibosscloud.com smigro.info umekana.ru captcha.gecirtnotification.com inspect2.gracead.com 10.95.4.38 10.18.6.55 10.95.4.162 m44.prod2016.com clt-v20k3-c.bbtnet.com www.googleapis.com data1.moiziq.com in.masterquizzes.com blocked.syd-1.linewize.net data1.iti-maps.fr 10.225.34.50 trableflick.com nickletto.com cdnjs.cloudflare.com data1.open-dog.com dimagesrc.com 31.13.66.19 jejoro.miyinokejo.com 10.248.8.49 milkpload.net fiendgamers.com singtraff.cool gateway.zscaler.net s3.amazonaws.com proghage.com 10.96.3.147 10.18.6.52 172.29.33.144 10.18.6.87 10.18.6.51 acountscr.cool visualsponline.azurewebsites.net mikkiload.com poligloteapp.org 10.48.61.53 appprint.biz accessdenied.pnc.com 31.13.65.7 m55.prod2016.com ruzozi.locixugoro.com higedev.cool secure.myshopcouponmac.com auctioneer.50million.club secure.mycouponsmartmac.com nextextlink.com fuhupo.lohuwomenu.com vezowi.rakiwoxori.com data1.bevuak.com www.amazon.com mirextpro.com icelandsue.com clipsold.com pulseadnetwork.com 10.10.4.168 bam-cell.nr-data.net sdk.helloextend.com s.dcbap.com a.apiywc.net cdn.optitc.com fidoapi.com minisrclink.cool 10.105.1.10 gateway.zscalerone.net closiner.com 7vnsr60001.ibosscloud.com promlinkdev.com 10.50.50.4 www.myregistry.com roxlock.com scrprime.com kifkofcom-a.akamaihd.net shopstorys.com s3-us-west-2.amazonaws.com www.clipix.com dowlextff.com cdn.mathjax.org floatingplayer.com payperclickadz.com image.uc.cn slothhangoutcom-a.akamaihd.net ads.creative-serving.com bible.logos.com 7896543.s3.amazonaws.com blipznchitzcom-a.akamaihd.net employeewebaccess.tempe.gov static.regsvcs.theknot.com zeb-v20k1-c.bbtnet.com blinkloide.com ccc-01-ws04 d.impactradius-event.com boxclone.com veronamile.com g.microsoft.com cdn-ads.google-analytics.com mabydick.com 10.129.6.12 westtank.net static.zdassets.com widget-mediator.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.listrakbi.com static.olark.com maxcdn.bootstrapcdn.com cdn.honey.io pwm-image.trendmicro.com gateway.zscloud.net *.affirm.com www.gstatic.com translate.googleapis.com fast.fonts.net use.fontawesome.com gateway.zscalertwo.net s.cmptch.com hello.myfonts.net stackpath.bootstrapcdn.com data: www.toolnut.com logos.formetocoupon.com cdnjs.cloudflare.com tool-bcg.bwe.io 'self' 'unsafe-inline'; object-src div.show noop.style object.center partners.cmptch.com 'self' 'unsafe-inline'; media-src static.olark.com data: ssl.gstatic.com gateway.zscloud.net static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://imgs.signifyd.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://fast.a.klaviyo.com *.affirm.com knrpc.olark.com trc-events.taboola.com www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net bat.bing.com www.google.com monitor.clickcease.com api.rollbar.com www.facebook.com subwayblaze.com ssl.kaptcha.com js.authorize.net trc.taboola.com api2.authorize.net m59.prod2016.com cdncache-a.akamaihd.net sovetnik.market.yandex.ru data: m35.prod2016.com dasfelynsaterr.webcam 1986635568.rsc.cdn77.org luxins.net localhost dealctr.com translate.googleapis.com m98.prod2016.com www.flipkart.com nf44a9pati.execute-api.us-west-2.amazonaws.com s.yimg.com 10.50.50.4 tm.filter fp1104.digitaloptout.com hm.baidu.com smigro.info m44.prod2016.com b.1p1eqpotato.com log.pinterest.com fiendgamers.com 127.0.0.1 p.extfun.com sf-helper.com dc.services.visualstudio.com 11637314617.rsc.cdn77.org m55.prod2016.com www.toolnut.com fp166.digitaloptout.com code.jquery.com catds.net saltoffer.google-analytics.com jsmeter.google-analytics.com randomgamezone.com cdn-ads.google-analytics.com bam-cell.nr-data.net api.helloextend.com www.nomoreads.pro www.festoolproducts.com savingsslider-a.akamaihd.net vimeo.com az.nmgplatform.com ajax.googleapis.com service.nservices.space floatingplayer.com uc.gre utp.ucweb.com track.uc.cn utp-dmp.ucweb.com stickyid-a.akamaihd.net 1637314617.rsc.cdn77.org polkadot.js.org sdk.helloextend.com steganos-api.ciuvo.com thetoolnut.sjv.io t1.taboola.com t2.taboola.com t3.taboola.com t4.taboola.com t5.taboola.com t6.taboola.com t7.taboola.com t8.taboola.com pips.taboola.com cds.taboola.com lawiersenadrey.webcam saltcdn2.facebook.com www.paypal.com ekr.zdassets.com toolnutcsd.zendesk.com widget-mediator.zopim.com adservice.google.com bt.signifyd.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.google.com fonts.googleapis.com 'self' 'unsafe-inline'; 2
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com https://www.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com https://www.google.com *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net www.google-analytics.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'unsafe-inline' data: 'self' 'unsafe-inline'; style-src getfirebug.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src https://c.plerdy.com/click/send_mouse_in_region https://c.plerdy.com/click/ip https://c.plerdy.com/click/send_scroll https://c.plerdy.com/click/admin/save_statistic https://c.plerdy.com/click/send geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.klevu.com *.ksearchnet.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; script-src https://a.plerdy.com/public/js/click/main.js https://a.plerdy.com/public/screens/15070/plerdy_conversions_steps.js https://a.plerdy.com/public/screens/15070/plerdy_ga_events.js https://a.plerdy.com/public/screens/15070/data/data_plerdy_form.js https://c.plerdy.com/public/js/click/main2.js https://a.plerdy.com/public/screens/15070/plerdy_seo_rules.js https://a.plerdy.com/public/screens/15070/plerdy_video_rules.js secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com www.google-analytics.com *.klevu.com *.ksearchnet.com *.avada.io *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com https://www.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googleadservices.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://munchkin.marketo.net https://dl.episerver.net https://www.youtube.com https://unpkg.com/aos@2.3.1/dist/aos.js https://www.googletagmanager.com https://code.jquery.com https://go.pardot.com https://pi.pardot.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://assets.calendly.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://static.cloudflareinsights.com/beacon.min.js https://prdapp02.xisecurenet.com/DIeComm/Scripts/XIFrame/XIFrame-1.1.0.js; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://go.pardot.com https://unpkg.com/aos@2.3.1/dist/aos.css https://hello.myfonts.net/count/3acdc3; font-src 'self' https://use.fontawesome.com/ https://fonts.gstatic.com; connect-src 'self' https://991-mlm-828.mktoresp.com https://991-mlm-828.mktoutil.com https://bots.kore.ai https://l.sharethis.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net https://cdn.cookielaw.org wss://rtm.kore.ai; report-uri https://qa-www2.carestreamdental.com/CSPReporting/api/CSP/ReportViolation 2
child-src 'self'; connect-src 'self' http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.hotjar.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amplitude.com https://*.cloudflare.com https://*.contentful.com https://*.delighted.com https://*.facebook.com https://*.fullstory.com https://*.g.doubleclick.net https://*.getsentry.com https://*.githubusercontent.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.herokuapp.com https://*.hotjar.com https://*.hotjar.com:12443 https://*.intercom.io https://*.intercomcdn.com https://*.lever.co https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.segment.io https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.wistia.com https://github.com https://heapanalytics.com https://sumo.com https://twitter.com ws://*.hotjar.com wss://*.appcues.net wss://*.hotjar.com wss://*.intercom.io; default-src 'self'; font-src 'self' chrome-extension: data: http://*.sqreen.io https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.intercomcdn.com https://*.sqreen.com https://*.sqreen.io https://*.twimg.com https://*.wistia.com https://github.com; frame-src 'self' 'unsafe-inline' http://*.appcues.com http://*.g.doubleclick.net http://*.hotjar.com https://*.akamaihd.net https://*.amazonaws.com https://*.appcues.com https://*.facebook.com https://*.g.doubleclick.net https://*.hotjar.com https://*.recurly.com https://*.sqreen.com https://*.twitter.com https://*.typeform.com https://*.wistia.com https://headway-widget.net ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.adnxs.com http://*.facebook.net http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.googleadservices.com http://*.googletagmanager.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com http://t.co https://*.addthis.com https://*.adnxs.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.b-cdn.net https://*.clearbit.com https://*.cloudfront.net https://*.ctfassets.net https://*.facebook.com https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.mx https://*.google.com.ph https://*.google.com.sg https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.se https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.linkedin.com https://*.marinsm.com https://*.openx.net https://*.prfct.co https://*.reddit.com https://*.rubiconproject.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.twimg.com https://*.twitter.com https://*.univide.com https://*.wistia.com https://*.yahoo.com https://heapanalytics.com https://sqreen-assets.s3-eu-west-1.amazonaws.com https://sumo.com https://t.co https://twitter.com; manifest-src 'self' https://*.sqreen.com; media-src 'self' https://*.akamaihd.net https://*.cloudfront.net https://*.intercomcdn.com https://*.wistia.com; object-src 'self' https://*.akamaihd.net https://*.wistia.com; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.ads-twitter.com http://*.appcues.com http://*.facebook.net http://*.g.doubleclick.net http://*.getdrip.com http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.heapanalytics.com http://*.hotjar.com http://*.perfectaudience.com http://*.prfct.co http://*.segment.com http://*.sqreen.io http://heapanalytics.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.amplitude.com https://*.appcues.com https://*.b-cdn.net https://*.bufferapp.com https://*.cloudflare.com https://*.cloudfront.net https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.getdrip.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.headwayapp.co https://*.heapanalytics.com https://*.herokuapp.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.jquery.com https://*.licdn.com https://*.linkedin.com https://*.marketo.net https://*.perfectaudience.com https://*.pinterest.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.redditstatic.com https://*.segment.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.twitter.com https://*.typeform.com https://*.wistia.com https://fullstory.com https://heapanalytics.com https://reddit.com https://twitter.com ws://*.hotjar.com wss://*.hotjar.com wss://*.intercom.io; style-src 'self' 'unsafe-inline' http://*.appcues.com http://*.sqreen.io http://heapanalytics.com https://*.amazonaws.com https://*.appcues.com https://*.b-cdn.net https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.sqreen.com https://*.sqreen.io https://*.twitter.com https://heapanalytics.com; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; 2
script-src 'self' *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.boltdns.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.shopperapproved.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org *.shopperapproved.com pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.p-n.io *.opmnstr.com *.securedvisit.com *.g.doubleclick.net *.omappapi.com www.dwin1.com *.attn.tv *.attentivemobile.com cdn.polyfill.io *.kaptcha.com 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob://* data://* 'self'; connect-src 'self' *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.boltdns.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.shopperapproved.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org *.shopperapproved.com pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.p-n.io *.opmnstr.com *.securedvisit.com *.g.doubleclick.net *.omappapi.com www.dwin1.com *.attn.tv *.attentivemobile.com cdn.polyfill.io *.kaptcha.com; report-uri /ajax/content_policy_violation.php 2
frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 2
default-src 'none'; script-src 'self' *.twitter.com *.google.com *.recaptcha.net *.googletagmanager.com *.google-analytics.com; img-src *; 2
child-src 'self'; connect-src 'self' http://*.pinalove.com http://*.thaifriendly.com https://*.apple.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com wss: wss://*.pinalove.com wss://*.thaifriendly.com wss://*.vietnameselove.com; default-src 'self'; font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.gstatic.com; frame-src 'self' https://*.apple.com https://*.facebook.com https://*.g.doubleclick.net https://*.google.com; img-src 'self' blob: data: http://*.gstatic.com http://*.pinalove.com http://*.thaifriendly.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com https://pinalove.com https://thaifriendly.com https://vietnameselove.com wss://*.pinalove.com wss://*.thaifriendly.com; manifest-src 'self'; media-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.2checkout.com https://*.apple.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.newrelic.com https://*.nr-data.net https://*.trackjs.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.yahooapis.com; worker-src 'self' blob:; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_136f6bd732b7462c9c5fd22fd24e9f47 2
default-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl *.op.nl; connect-src 'self' *.ondernemersplein.kvk.nl *.flagship.io ariane.abtasty.com sentry.io vc.hotjar.io *.hotjar.com ampcid.google.com ajax.googleapis.com www.google-analytics.com; img-src 'self' data: *.ondernemersplein.kvk.nl *.rvo.nl opendata.nederlandwereldwijd.nl ariane.abtasty.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com i.ytimg.com; style-src 'self' 'unsafe-inline' *.ondernemersplein.kvk.nl www.gstatic.com fonts.googleapis.com tagmanager.google.com; frame-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl opendata.ondernemersplein.nl www.youtube.com vars.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ondernemersplein.kvk.nl www.google-analytics.com www.googletagmanager.com www.gstatic.com *.flagship.io ariane.abtasty.com static.hotjar.com script.hotjar.com www.youtube.com s.ytimg.com; report-uri https://sentry.io/api/1234272/security/?sentry_key=f23f8584f25343e3baed391826c1e5ba&sentry_environment=productie 2
default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; worker-src 'self'; child-src 'none'; frame-src 'none'; frame-ancestors 'none'; 2
object-src 'none'; font-src https: data:; default-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://hfo1.report-uri.com/r/d/csp/enforce; 2
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://siteimproveanalytics.com https://www.brighttalk.com https://api-rel.fundpress.io https://api.fundpress.io https://assets.adobedtm.com https://s.go-mpulse.net https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://js.adsrvr.org https://report.23video.com https://api-uk.kurtosys.app https://geolocation.onetrust.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://api-rel.fundpress.io https://api.fundpress.io https://smetrics.mandg.com https://api-uk.kurtosys.app https://www.google.com https://www.google.co.uk https://i.ytimg.com https://www.google-analytics.com https://ad.doubleclick.net https://adservice.google.com https://ttcontacts.com; frame-src https://mandg.videomarketingplatform.co https://www.brighttalk.com https://view.ceros.com https://digitalsecure.mandg.com https://irpages2.equitystory.com https://mandg.fidainformatica.it https://www.youtube-nocookie.com https://view.ceros.com https://insight.adsrvr.org https://match.adsrvr.org; connect-src 'self' https://api-rel.fundpress.io https://api.fundpress.io https://search-api.swiftype.com https://cdn.cookielaw.org https://smetrics.mandg.com https://api-uk.kurtosys.app https://c.go-mpulse.net https://www.google-analytics.com https://stats.g.doubleclick.net https://dpm.demdex.net https://privacyportal-de.onetrust.com https://*.akstat.io; font-src 'self' https://fonts.gstatic.com https://api.fundpress.io https://api.fundpress.io; media-src blob: https://mandg.videomarketingplatform.co; object-src 'none'; upgrade-insecure-requests; report-uri /csp/log; base-uri 'self'; form-action 'self'; frame-ancestors https://www.mymandg.co.uk 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 2
default-src 'none'; script-src * 'unsafe-inline'; object-src 'self' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * 'unsafe-inline'; media-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline'; font-src *; connect-src 'self'; report-uri /report-csp-violation 2
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/;require-trusted-types-for 'script'; 2
report-uri /es/Error/ReportCPS; 2
font-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-ancestors 'self'; block-all-mixed-content; default-src 'self' cdn.rapidsec.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.rapidsec.com https://*.googletagservices.com https://*.googlesyndication.com https://*.google.com https://*.googleadservices.com https://*.doubleclick.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://static.getbeamer.com https://app.getbeamer.com https://google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://js.chargebee.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://www.google.com https://apis.google.com https://www.gstatic.com/recaptcha/ https://api.rapidsec.com; style-src 'self' 'report-sample' 'unsafe-inline' cdn.rapidsec.com *.google.com app.getbeamer.com *.chargebee.com js.chargebee.com fonts.googleapis.com https://translate.googleapis.com https://api.rapidsec.com https://js.chargebee.com/v2/animation.css; object-src *.googlesyndication.com; frame-src *.googlesyndication.com *.doubleclick.net *.google.com www.intercom-reporting.com *.getbeamer.com *.chargebee.com js.chargebee.com www.youtube-nocookie.com *.youtube.com https://calendly.com https://intercom-sheets.com https://www.google.com https://accounts.google.com https://app.getbeamer.com; child-src 'self' blob: *.googlesyndication.com *.doubleclick.net player.vimeo.com www.youtube.com intercom-sheets.com www.intercom-reporting.com *.google.com fast.wistia.net; img-src 'self' data: blob: https://rapidsec.com https://*.rapidsec.com www.googleadservices.com *.googlesyndication.com *.doubleclick.net *.google.com rapidsec.intercom-attachments-9.com rapidsec.intercom-attachments-7.com rapidsec.intercom-attachments-6.com rapidsec.intercom-attachments-5.com rapidsec.intercom-attachments-3.com rapidsec.intercom-attachments-2.com rapidsec.intercom-attachments-1.com *.intercomusercontent.com *.intercom.io *.intercom-mail.com *.intercomcdn.com static.intercomassets.com static.getbeamer.com app.getbeamer.com analytics.google.com www.google.com ssl.google-analytics.com www.google-analytics.com cb-invoice-logos-prod.s3.us-east-1.amazonaws.com fonts.gstatic.com *.youtube.com *.ytimg.com http://*.ytimg.com https://translate.googleapis.com https://*.googleusercontent.com https://cb-invoice-logos-prod.s3.us-east-1.amazonaws.com/rapidsec/ https://app.getbeamer.com https://www.gstatic.com/images/branding/product/ https://*.ytimg.com https://meta.rapidsec.net https://scdn.rapidsec.com https://api.rapidsec.com https://files.rapidsec.com https://www.google-analytics.com; font-src 'self' data: fonts.intercomcdn.com js.intercomcdn.com fonts.googleapis.com fonts.gstatic.com https://rapidsec.com https://use.typekit.net https://js.intercomcdn.com; connect-src 'self' data: about: www.googletagservices.com *.googlesyndication.com *.google.com *.doubleclick.net uploads.intercomusercontent.com uploads.intercomcdn.com *.intercom.io wss://*.intercom.io backend.getbeamer.com analytics.google.com ampcid.google.com stats.g.doubleclick.net www.google-analytics.com *.logrocket.com *.logrocket.io *.lr-ingest.io fonts.gstatic.com fonts.googleapis.com https://translate.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://api.rapidsec.com; manifest-src 'self'; base-uri 'self'; form-action 'self' *.google.com intercom.help api-iam.intercom.io app.getbeamer.com https://calendly.com; media-src dai.google.com *.intercomcdn.com https://ssl.gstatic.com/dictionary/static/sounds/; prefetch-src 'self' cdn.rapidsec.com *.googlesyndication.com; worker-src 'self' blob: www.google.com; report-uri https://gate.rapidsec.net/g/r/csp/2944b957-d1ed-4c25-a6bb-04df0b185613/0/71/1?sdkv=-1.-1.-1_unknown&sct=717ed90d-e1c1-4b1e-abed-aa670af50845&dpos=report&sdkv=2.0.1_nodejs; 2
default-src 'self' cdn.synthetix.com ssc.synthetix.com; img-src 'self' cdn.synthetix.com ssc.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com; font-src *.gstatic.com *.hotjar.com;frame-src *.twitter.com *.hotjar.com *.google.com *.youtube.com https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk/; connect-src cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.hotjar.io *.google-analytics.com *.hotjar.com *.fullstory.com *.doubleclick.net wss://ws12.hotjar.com; style-src 'self' 'unsafe-inline' cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googleapis.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googletagmanager.com googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net 2
frame-ancestors 'self'; report-uri https://api.mobilepay.dk/cspreporting/mobilepay-dk 2
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.hawksearch.net 'self' data: *.livehelpnow.net *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.youtube.com *.hostedpayments.com *.wufoo.com *.jst.ai *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com http://app.bronto.com https://app.bronto.com http://cdn.bronto.com https://cdn.bronto.com http://c.bron.to https://c.bron.to http://maw.bronto.com https://maw.bronto.com *.hawksearch.net *.bing.com *.klaviyo.com *.googleapis.com *.livehelpnow.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.pingdom.net *.bronto.com *.bron.to *.hawksearch.net *.newrelic.com *.googleapis.com *.nr-data.net *.jst.ai *.jsdelivr.net *.bing.com *.klaviyo.com *.site24x7rum.com http://r1-t.trackedlink.net https://marketingplatform.google.com https://developer.livehelpnow.net *.wufoo.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.bronto.com *.materialdesignicons.com *.hawksearch.net https://fonts.googleapis.com *.livehelpnow.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com *.bronto.com *.brontops.com *.nr-data.net *.pingdom.net stats.g.doubleclick.net col.site24x7rum.com *.klaviyo.com *.jst.ai *.google-analytics.com *.livehelpnow.net wss://app.livehelpnow.net *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.klevu.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com/ *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.trustpilot.com *.youtube.com *.paypal.com *.paypalobjects.com *.usehero.com *.braintreegateway.com *.cardinalcommerce.com *.cookiebot.com *.hotjar.com *.facebook.com *.kaptcha.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com https://store.plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.trustpilot.com *.nosto.com *.amazonaws.com *.klevu.com *.finance-calculator.co.uk *.paypal.com *.gstatic.com *.google.co.uk *.usehero.com *.bing.com *.postcodeanywhere.co.uk *.googletagmanager.com *.yotpo.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.google.com/ *.googletagmanager.com *.facebook.net *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.trustpilot.com *.nosto.com *.klevu.com polyfill.io *.finance-calculator.co.uk *.paypal.com *.gstatic.com *.usehero.com *.postcodeanywhere.co.uk *.pcapredict.com *.cardinalcommerce.com *.hotjar.com *.cookiebot.com *.bing.com https://analytics.tiktok.com *.zuko.io *.yotpo.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net cdn.dnky.co webchat.dotdigital.com *.trustpilot.com *.nosto.com *.klevu.com *.finance-calculator.co.uk *.usehero.com *.postcodeanywhere.co.uk *.yotpo.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.usehero.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.finance-calculator.co.uk *.paypal.com *.nosto.com *.google.com *.braintree-api.com *.braintreegateway.com *.usehero.com *.postcodeanywhere.co.uk *.cardinalcommerce.com *.doubleclick.net *.zuko.io https://analytics.tiktok.com *.hotjar.io *.hotjar.com *.yotpo.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://proxy.hubzero.org wss://vncproxy.hubzero.org wss://hubzero.org https://hubzero.org/api/members/tools/diskusage https://www.google-analytics.com https://stats.g.doubleclick.net/j/ https://www.dropbox.com https://api.scite.ai; default-src 'self' https://*.hubzero.org; font-src about: chrome-extension: data: https://fonts.gstatic.com safari-extension: 'self' https://use.typekit.net https://storage.googleapis.com/speechify-website-assets/fonts/ https://cdn.scite.ai/assets/fonts/scite-icons/; form-action 'self'; frame-ancestors 'self' https://hubzero.org/; frame-src 'self' https://*.hubzero.org https://content.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://youtube.com https://player.vimeo.com https://calendar.google.com https://www.youtube.com https://vimeo.com https://docs.google.com; img-src * data: image: file: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.googleapis.com https://maps.google.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com https://www.googletagmanager.com/gtag/js https://www.google.com/jsapi https://www.gstatic.com/charts/; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.gstatic.com https://p.typekit.net https://use.typekit.net; worker-src blob:; media-src 'self' data:; upgrade-insecure-requests; report-uri https://csp.hubzero.org/csp-cms.php 2
default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: ws: wss:; img-src 'unsafe-inline' blob: data: *; report-uri https://csp.test.orlo.tech/report; 2
default-src 'self'; script-src 'report-sample' 'self' https://js.hs-scripts.com/19644915.js https://rules.quantcount.com/rules-p--xkFm69TQBQDx.js http://ss.sharethis.com/loader.js http://ws.sharethis.com/button/buttons.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js https://connect.facebook.net/en_US/fbevents.js https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/669924774/ https://js.hs-analytics.net/analytics/1622252400000/19644915.js https://js.hs-banner.com/19644915.js https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/collectedforms.js https://lptag.liveperson.net/tag/tag.js https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js https://prism.app-us1.com/ https://secure.quantserve.com/quant.js https://ws.sharethis.com/button/async-buttons.js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js ; style-src 'report-sample' 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://ws.sharethis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://forms.hubspot.com https://l.sharethis.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://bid.g.doubleclick.net https://c.sharethis.mgr.consensu.org https://ws.sharethis.com; img-src 'self' data: https://pixel.quantserve.com https://forms.hsforms.com https://l.sharethis.com https://px.gumgum.com https://track.hubspot.com https://www.facebook.com https://www.google-analytics.com https://www.google.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; object-src 'none'; img-src 'self' data: https:; font-src data: https:; frame-ancestors 'none'; block-all-mixed-content; report-uri https://lingvist.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' https://*.googlesyndication.com https://*.curator.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.googletagservices.com https://securepubads.g.doubleclick.net https://adservice.google.com https://adservice.google.co.uk https://adservice.google.es https://cdn.ampproject.org http://platform.twitter.com https://*.googlesyndication.com https://cdn.curator.io https://www.googleadservices.com https://www.googletagmanager.com https://survey.g.doubleclick.net https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://connect.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://lib.selfcampaign.com https://securepubads.g.doubleclick.net https://api.mapbox.com; style-src 'self' 'unsafe-inline' https://cdn.curator.io https://cdnjs.cloudflare.com https://api.mapbox.com; img-src 'self' https://www.commercialmotor.com https://www.google.com https://www.google.co.uk https://www.google.es https://*.googlesyndication.com data: https://*.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://lib.selfcampaign.com https://c1.adform.net https://match.adsrvr.org https://track2.selfcampaign.com https://track.selfcampaign.com https://syndication.twitter.com; frame-src 'self' https://www.youtube.com https://*.googlesyndication.com/ https://delivery.selfcampaign.com https://platform.twitter.com; connect-src 'self' https://*.g.doubleclick.net https://*.gstatic.com https://*.curator.io https://api.mapbox.com; report-uri https://rtmcommercialmotors.report-uri.com/a/d/g; upgrade-insecure-requests 2
script-src https://www.endurasport.com https://m.endurasport.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://static.thgcdn.cn https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://pay.google.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.endurasport.com/cspReport.txt; 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 2
font-src https://geowidget.easypack24.net https://maxcdn.bootstrapcdn.com https://static.mi-home.pl https://static.mi-home.ro https://media.mi-home.pl https://media.mi-home.ro https://fonts.gstatic.com https://static3.avast.com https://baack.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.aliorbank.pl https://www.facebook.com https://3dsecure.ing.ro https://3dsecure-1.wirecard.com https://www.secure2gw.ro https://www.secure22gw.ro https://ecclients.btrl.ro https://*.acs.touchtechpayments.com *.przelewy24.pl *.eraty.pl 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://checkoutshopper-live.adyen.com https://www.googletagmanager.com/ www.facebook.com platform.twitter.com https://www.youtube.com https://i01.appmifile.com/ https://pay.google.com https://bid.g.doubleclick.net https://gum.criteo.com https://www.googletagmanager.com https://static.criteo.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://checkoutshopper-live.adyen.com data: https://geowidget.easypack24.net https://*.openstreetmap.org https://osm.inpost.pl https://api.mapbox.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.amazonaws.com *.cloudfront.net https://mi-home.pl https://static.mi-home.pl https://static.mi-home.ro https://media.mi-home.pl https://media.mi-home.ro https://www.rolv.h2.pl https://maps.gstatic.com https://googleads.g.doubleclick.net https://www.google.com maps.googleapis.com i01.appmifile.com/ https://a5.behance.net https://www.gstatic.com https://www.google.ro/ads/ https://www.google.pl/ads/ https://www.google.lt/ads/ https://www.google.es/ads/ https://www.google.nl/ads/ https://www.google.co.uk/ads/ https://www.google.at/ads/ https://www.google.md/ads/ https://www.google.jo/ads/ https://www.google.ch/ads/ https://www.google.be/ads/ https://www.google.fr/ads/ https://www.google.de/ads/ https://www.google.cz/ads/ https://www.google.am/ads/ https://www.google.lu/ads/ https://www.google.se/ads/ https://www.google.com.au/ads/ https://www.google.bg/ads/ https://www.google.it/ads/ https://www.google.ie/ads/ https://www.google.hu/ads/ https://i.ytimg.com https://cdn.klarna.com blob: www.googletagmanager.com https://ssl.gstatic.com https://www.google-analytics.com https://connect.facebook.net https://csm.nl.eu.criteo.net https://csm.fr.eu.criteo.net http://www.rolv.h2.pl 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://checkoutshopper-live.adyen.com maps.googleapis.com https://geowidget.easypack24.net https://unpkg.com https://api.mapbox.com https://cdn.jsdelivr.net/npm/leaflet.locatecontrol/dist/L.Control.Locate.min.js http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io connect.facebook.net twitter.com platform.twitter.com https://ssl.ceneo.pl https://mi-home.pl https://mi-home.ro https://static.mi-home.pl https://static.mi-home.ro https://media.mi-home.pl https://media.mi-home.ro https://*.cloudflare.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://www.googleadservices.com https://pay.google.com https://www.googleapis.com https://www.google-analytics.com https://static.criteo.net https://tagmanager.google.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://sslwidget.criteo.com https://www.pagespeed-mod.com https://connect.facebook.net https://widget.eu.criteo.com http://*.cloudfront.net https://api.edrone.me 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://geowidget.easypack24.net https://unpkg.com https://api.mapbox.com https://cdn.jsdelivr.net/npm/leaflet.locatecontrol/dist/L.Control.Locate.min.css https://maxcdn.bootstrapcdn.com https://mi-home.pl https://mi-home.ro https://static.mi-home.pl https://static.mi-home.ro https://media.mi-home.pl https://media.mi-home.ro https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://secure.przelewy24.pl 'self' 'unsafe-inline'; object-src blob: 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://media.mi-home.pl https://media.mi-home.ro https://mi-home.pl https://i01.appmifile.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://api-pl-points.easypack24.net https://osm.inpost.pl http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://static.mi-home.pl https://static.mi-home.ro https://media.mi-home.pl https://media.mi-home.ro https://www.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://stats.g.doubleclick.net https://www.facebook.com https://steganos-api.ciuvo.com https://api.openapi.ro https://api.edrone.me 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp-report; report-to report-endpoint; 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck-partnerprogramm.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 2
font-src fonts.googleapis.com fonts.gstatic.com data: *.typekit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.youtube.com *.vimeo.com *.hotjar.com *.doubleclick.net cdn.jst.ai yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://a.klaviyo.com data: via.placeholder.com *.cdninstagram.com *.klaviyo.com *.google.com *.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://static.klaviyo.com https://fast.a.klaviyo.com api.airbud.io ajax.googleapis.com *.gstatic.com *.google.com *.klaviyo.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com *.typekit.net *.hotjar.com connect.facebook.net *.jst.ai *.kmail-lists.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com api.airbud.io *.klaviyo.com *.typekit.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://static.klaviyo.com https://fast.a.klaviyo.com *.klaviyo.com prod.airbud.io bam.nr-data.net *.google-analytics.com *.doubleclick.net *.kmail-lists.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline'; img-src 'self' https: data: 2
default-src 'self' pxlfsn.co www.google-analytics.com maps.googleapis.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 2
default-src 'self' *.google-analytics.com fonts.gstatic.com 'unsafe-inline' pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com cdn.cookielaw.org 'unsafe-eval' *.visualwebsiteoptimizer.com bid.g.doubleclick.net; font-src 'self' fonts.gstatic.com *.dataweavers.io; frame-ancestors 'none'; img-src 'self' *.adsymptotic.com *.dataweavers.io data: *.visualwebsiteoptimizer.com *.google-analytics.com t.co www.facebook.com px.ads.linkedin.com www.google.com www.google.com.au; script-src-elem 'self' www.googletagmanager.com static.ads-twitter.com platform.twitter.com *.licdn.com pi.pardot.com go.globalpaymentsinc.com go.globalpayments.com go.heartlandpaymentsystems.com go.openedgepayments.com 'unsafe-inline' *.google-analytics.com cdn.cookielaw.org *.facebook.net *.doubleclick.net *.visualwebsiteoptimizer.com *.dataweavers.io 'unsafe-eval' www.googleadservices.com analytics.twitter.com ws.zoominfo.com; style-src-elem 'self' *.dataweavers.io 'unsafe-inline'; worker-src 'self' blob:; 2
default-src 'self' https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://fonts.googleapis.com; img-src 'self' data: https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.google.com/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com *.cloudfront.net; frame-src https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com https://e.video-cdn.net; media-src 'self' blob:; report-uri https://jeno.report-uri.com/r/d/csp/enforce 2
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-xUQcjHXkAfsqgYPp5eXPEjb+c/CcEfnvUxHuSLGcvrc=' 'sha256-bT1Ymq1WqmR/IVUk/bpwBj+OeadvKW6Z37bJhTu00oY='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 2
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/domain-registry 2
default-src 'none';script-src 'self' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com https://storage.googleapis.com www.youtube.com *.ytimg.com https://az416426.vo.msecnd.net https://www.snapengage.com *.sleeknote.com 'sha256-/T8ei2agBozQQf3bDP88s4kGQHpPZ895F7C9leXiAuI=' 'sha256-84SdRJ3V5kHdFpCNyPHV65PvbVR7CrU+frk6XrjiJYk=' 'sha256-tlnnbbyW1jYRDa/xbAikIzyAehZr5yVUewyVV0ES5Fo=' 'sha256-YMXr6nR4Y24J/A3BV0rsAejvq8rQNrZPFXrMwPNInMY=' 'sha256-dZB5CgpmP37thT2f4phKMohGYLl6vnHS9aV6jLXI/Ww=' 'sha256-270dzOys3KjArpkwzugCwnTIScNZF0OAftN0dXMjFn0=' 'sha256-YdzAfGxOs9AMecT6I4/YEdEWdLYO3yZER2AJxJle9Wg=' 'sha256-pDSwtKqiYezpPoJIKuKQi7lyp3nPhHS+zVOEt81jLe0=';object-src 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-PLhQ1IguHjjEeFz1rcHAp1G0kdXEviAPtpMGhKEoxLw=' 'sha256-NJ45L53GQHjbanjFYsFzNI6wUt9suktEt2cgKsSVXPI=' 'sha256-hMEnt2qMHAmQZgCjWJ4hweKuzi+3YEdUo00f8k/ebMo=';img-src 'self' https://www.google-analytics.com https://storage.googleapis.com;media-src 'none';frame-src 'self' www.youtube.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;connect-src 'self' https://api.ipgeolocation.io https://dc.services.visualstudio.com;child-src www.youtube.com;form-action 'self' https://az416426.vo.msecnd.net https://www.snapengage.com;worker-src 'self' blob:;report-uri /api/csp-report/log 2
default-src 'self' polyfill.io cdn.bizible.com 346-poj-129.mktoresp.com script.crazyegg.com www.google.co.uk www.google.com px.ads.linkedin.com ws.zoominfo.com stats.g.doubleclick.net explore.amexglobalbusinesstravel.com tracking.crazyegg.com consent.trustarc.com bat.bing.com www.google-analytics.com www.googletagmanager.com ws-assets.zoominfo.com bugcrowd.com amexgbt.com youtube.com twitter.com assets.bugcrowdusercontent.com bat.bing.com abrtp2-cdn.marketo.com cdn.bizible.com script.crazyegg.com customer.d41.co consent.trustarc.com www.instagram.com www.linkedin.com ws-assets.zoominfo.com cdnjs.cloudflare.com app-ab43.marketo.com; frame-src 'self' polyfill.io cdn.bizible.com 346-poj-129.mktoresp.com script.crazyegg.com www.google.co.uk www.google.com px.ads.linkedin.com ws.zoominfo.com stats.g.doubleclick.net explore.amexglobalbusinesstravel.com tracking.crazyegg.com consent.trustarc.com bat.bing.com www.google-analytics.com www.googletagmanager.com ws-assets.zoominfo.com bugcrowd.com amexgbt.com youtube.com twitter.com assets.bugcrowdusercontent.com bat.bing.com abrtp2-cdn.marketo.com cdn.bizible.com script.crazyegg.com customer.d41.co consent.trustarc.com www.instagram.com www.linkedin.com ws-assets.zoominfo.com cdnjs.cloudflare.com app-ab43.marketo.com; object-src 'self' polyfill.io cdn.bizible.com 346-poj-129.mktoresp.com script.crazyegg.com www.google.co.uk www.google.com px.ads.linkedin.com ws.zoominfo.com stats.g.doubleclick.net explore.amexglobalbusinesstravel.com tracking.crazyegg.com consent.trustarc.com bat.bing.com www.google-analytics.com www.googletagmanager.com ws-assets.zoominfo.com bugcrowd.com amexgbt.com youtube.com twitter.com assets.bugcrowdusercontent.com bat.bing.com abrtp2-cdn.marketo.com cdn.bizible.com script.crazyegg.com customer.d41.co consent.trustarc.com www.instagram.com www.linkedin.com ws-assets.zoominfo.com cdnjs.cloudflare.com app-ab43.marketo.com; report-uri /_/csp-reports 2
font-src fonts.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es www.apptrian.com connect.facebook.net graph.facebook.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=appserver 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: 2
font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://cdn.zinrelo.com https://static.zdassets.com https://v2.zopim.com https://ekr.zdassets.com https://zendesk.com https://zendesk-staging.com https://rollbar-eu.zendesk.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com https://app.zinrelo.com https://mc-hub-designer-sto-use.azureedge.net https://cdn.zinrelo.com https://static.zdassets.com https://v2.zopim.com https://ekr.zdassets.com https://zendesk.com https://zendesk-staging.com https://rollbar-eu.zendesk.com https://www.google.com https://www.facebook.com https://www.youtube.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https://seal-minnesota.bbb.org https://dgjcoqnzn763b.cloudfront.net https://www.creativememories.com https://d3k81ch9hvuctc.cloudfront.net https://www.facebook.com https://www.google.com https://a.klaviyo.com https://img.youtube.com *.gstatic.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com https://cdn.listagram.com https://cdn.zinrelo.com https://static.cloudflareinsights.com https://assets.zendesk.com https://static.zdassets.com https://google.com https://www.google.com https://d395yjvh5spyzw.cloudfront.net https://gstatic.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://app.zinrelo.com https://api.mediacliphub.com https://ajax.cloudflare.com https://js.gleam.io https://connect.facebook.net https://cdn.noibu.com https://static.klaviyo.com https://fast.a.klaviyo.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://static.klaviyo.com https://cdn.listagram.com https://js.gleam.io fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static.static.com https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://bam.nr-data.net https://creativememories.zendesk.com https://ekr.zdassets.com https://a.klaviyo.com https://static-forms.klaviyo.com wss://widget-mediator.zopim.com https://telemetrics.klaviyo.com https://app.zinrelo.com https://api.mediacliphub.com https://dc.services.visualstudio.com https://geo-cdn.creativememoriesau.com https://geo-cdn.creativememories.ca https://geo-cdn.creativememories.com https://stats.g.doubleclick.net wss://input.noibu.com https://input.noibu.com https://static.klaviyo.com https://fast.a.klaviyo.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src https://static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es api.bazaarvoice.com stg.api.bazaarvoice.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com display.ugc.bazaarvoice.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net performance.typekit.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2
script-src 'self' 'unsafe-eval' https://use.fontawesome.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://static.ctctcdn.com https://translate.googleapis.com; script-src-elem 'self' 'unsafe-inline' translate.google.com www.google.com www.gstatic.com static.ctctcdn.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com translate.googleapis.com bam.nr-data.net js-agent.newrelic.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net translate.googleapis.com static.ctctcdn.com www.gstatic.com https://use.fontawesome.com; frame-ancestors 'self' 2
font-src fonts.gstatic.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.punchout2go.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.salesforce.com 'self' 'unsafe-inline'; frame-ancestors *.schoolhealth.com mcstaging2.schoolhealth.com/ portal.punchout2go.com qa-portal.punchout2go.com dev-portal.punchout2go.com sapportal.ocps.net sapportalqap.ocps.net shop.equallevel.com *.punchout2go.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.youtube.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com cdn.dnky.co webchat.dotdigital.com *.schoolhealth.com *.youtube.com *.punchout2go.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com *.cenpos.net *.cenpos.com *.schoolhealth.com  *.chartbeat.com *.chartbeat.net *.pages03.net *.unbxdapi.com *.b0e8.com www.google.com *.punchout2go.com 'self' data: blob: 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com maps.googleapis.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.cenpos.com *.cenpos.net *.google.com *.gstatic.com *.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com www.googletagmanager.com ssl.google-analytics.com *.cloudfront.net *.cloudflare.com *.pages03.net *.b0e8.com *.bc0a.com *.addtoany.com *.chartbeat.com *.punchout2go.com *.unbxdapi.com *.unbxd.com *.unbxd.io *.newrelic.com *.nr-data.net data: 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.bootstrapcdn.com *.punchout2go.com *.googleapis.com *.unbxdapi.com *.unbxd.com *.unbxd.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.doubleclick.net www.google-analytics.com *.nr-data.net *.demdex.net *.punchout2go.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none';   manifest-src 'self';   script-src 'self' 'unsafe-inline' 'unsafe-eval'     *.hotjar.com     http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js     http://sparkbox.github.com     https://analytics.twitter.com     https://apply.workable.com     https://assets.codepen.io     https://bid.g.doubleclick.net     https://cdn.jsdelivr.net     https://connect.facebook.net     https://googleads.g.doubleclick.net     https://platform.twitter.com     https://production-assets.codepen.io     https://script.hotjar.com     https://snap.licdn.com     https://static.ads-twitter.com     https://static.codepen.io     https://static.hotjar.com     https://translate.googleapis.com     https://www.google-analytics.com     https://www.google.com     https://www.googleadservices.com     https://www.googletagmanager.com     https://www.workable.com     https://www.youtube.com;   connect-src 'self'     *.hotjar.com     https://stats.g.doubleclick.net     https://vc.hotjar.io     https://www.google-analytics.com;   font-src 'self' data:     https://fonts.gstatic.com;   img-src 'self' data:     http://t.co     https://lh6.googleusercontent.com     https://p.adsymptotic.com     https://px.ads.linkedin.com     https://stats.g.doubleclick.net/r/collect     https://t.co     https://www.facebook.com     https://www.google-analytics.com     https://www.google.com     https://www.googletagmanager.com     https://www.linkedin.com;   style-src 'self' 'unsafe-inline' data:     http://afeld.github.io/emoji-css/emoji.css     http://hello.myfonts.net/count/3ca576     https://cloud.typography.com/655912/6152352/css/fonts.css     https://fonts.googleapis.com     https://hello.myfonts.net     https://hello.myfonts.net/count/3ca576;   frame-src 'self'     https://bid.g.doubleclick.net     https://codepen.io     https://codesandbox.io     https://platform.twitter.com     https://syndication.twitter.com     https://vars.hotjar.com     https://www.facebook.com     https://www.google.com     https://www.googletagmanager.com     https://www.youtube.com;   media-src data:;   report-uri https://sparkbox.report-uri.com/r/d/csp/reportOnly 2
report-uri https://sentry.io/api/1479396/security/?sentry_key=ebff80a744024d8a8f5630df4ea55e5d&sentry_environment=PROD&sentry_release=2021-7-25-1; default-src 'self'; script-src 'self' static.dynamicsignal.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com translate.google.com *.googleapis.com *.cloudfront.net cdnjs.cloudflare.com platform.twitter.com connect.facebook.net assets.adobedtm.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' static.dynamicsignal.com *.cloudfront.net *.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; font-src * data: blob:; img-src * data: blob:; media-src * data: blob:; frame-src 'self' www.youtube.com platform.twitter.com www.facebook.com; manifest-src *; connect-src 'self' static.dynamicsignal.com api.dynamicsignal.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com translate.google.com *.googleapis.com *.cloudfront.net *.doubleclick.net platform.twitter.com connect.facebook.net assets.adobedtm.com *.sentry.io sentry.io olivia.paradox.ai gateway.zscloud.net relay.voicestorm.com relay-eu.voicestorm.com relay.voicestorm.biz relay.dynamicsignal.com freq.voicestorm.com freq-eu.voicestorm.com freq.voicestorm.biz freq.dynamicsignal.com api.voicestorm.com api-eu.voicestorm.com api.voicestorm.biz api.dynamicsignal.com apigateway.voicestorm.com apigateway-eu.voicestorm.com apigateway.voicestorm.biz apigateway.dynamicsignal.com streaming.voicestorm.com:* streaming-eu.voicestorm.com:* streaming.voicestorm.biz:* streaming.dynamicsignal.com:* 2
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com https://*.hotjar.com https://*.cloudfront.net *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.doubleclick.net https://www.google.com https://*.hotjar.com https://*.livechatinc.com https://*.reviews.co.uk *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com *.adyen.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com www.facebook.com https://*.doubleclick.net https://www.google.com https://www.google.co.uk https://*.cloudfront.net https://*.facebook.com https://*.yotpo.com https://*.heritagepartscenter.com https://a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com *.adyen.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://*.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://*.nr-data.net https://*.newrelic.net https://*.newrelic.com https://*.livechatinc.com https://*.facebook.net https://*.webgains.io https://*.chimpstatic.com https://*.yotpo.com https://*.reviews.co.uk https://*.trackedlink.net https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com https://*.googleapis.com https://*.yotpo.com https://*.cloudfront.net https://*.reviews.co.uk *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com https://*.livechatinc.com https://*.heritagepartscenter.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.algolia.net *.algolia.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net https://*.reviews.co.uk https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'none'; connect-src 'self' https: wss://*.zopim.com; font-src data: https:; frame-src https://js.stripe.com https://m.stripe.network https://www.google.com https://www.youtube.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net; img-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https://d3tw2v68rmxuj7.cloudfront.net https://fonts.googleapis.com; report-uri /csp 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.sagepay.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net commerce.adobedtm.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.sagepay.com maps.googleapis.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com display.ugc.bazaarvoice.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.sagepay.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' https: https://*.googleapis.com https://code.jquery.com https://*.transistor.fm/ https://www.youtube.com/ https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com  https://go.majesco.com https://go.pardot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'sha256-qgMf5mTm7zQf4gOkujZEeSr+pBbZQkUdRPjK+/evjfg=' 'sha256-Xtapj9RzkkyuBEXNJ1gzz1NvQtgrIXm2CNAJB8bddBs=' 'sha256-BsrlnIfmRgjdD47rapBgZZ479VjdMjYQtfXaRSC9lNE=' 'sha256-/dO7zSvMkR5zrhXiqA0U2NIfBGyR5bIuH7Hce5MbeOM=' 'sha256-O+rlwaozg9jGVOyGY3WtlEtXBqHwylzXY/THMfLzPb0=' 'sha256-gW4yJaazFtpcejPi1gF3WTjwiHisT/U3RYVtjY2TCFA=' 'sha256-c8I32HhufzItpnpE6iBBfZ6pZuBM4NHlAG+1ugBsAfs=' 'sha256-0FhtDD74ICo7/mr3hB9MyFvyZe6VoFcRqh3LkI3gpGk=' 'sha256-mZAMNyFoze93NiOR7t7JbFNNd2mSPD0olO+ut9/OeWY=' 'sha256-rjfSUjIA2A20p4lATAefLLG7Fy7VJssnkJ+SnJ2TXNo=' 'sha256-dO4mqrcDfs9YMSUAaps3/EhMsnIWjm1/OoJxHJpvw64=' 'sha256-RWn1w3BKiDlDNbD6vM1kYLpeWCwwWPkob0LMWJ2gKJk=' 'sha256-l8mxduXEKCPFUh1xQeNa2L8c/yW2CeHRDsrgRfgdZFo=' 'sha256-les4+S9P4RaMZWpqFIXkaa76y8zV/LqmQIKs0ZIqye4=' 'sha256-/oCkyxr/zsYLgoX+T6TVrgCeVTOC4+sGCHzvui7aa84=' 'sha256-VSumfjqfNfwJ1o0sBotE6AWUGMAa0cObcAVqTS43zNY=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' https://*.googleapis.com https://code.jquery.com https://*.transistor.fm/ https://www.youtube.com/ https://www.googletagmanager.com https://www.google-analytics.com https://*.twitter.com https://www.googleadservice.com https://static.ads-twitter.com https://bat.bing.com https://*.pardot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.syndication.twimg.com  https://go.majesco.com https://go.pardot.com https://*.mxpl.com https://*.mixpanel.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://*.googleapis.com https://code.jquery.com https://*.transistor.fm/ https://www.youtube.com/ https://www.googletagmanager.com https://www.google-analytics.com https://*.twitter.com https://www.googleadservice.com https://static.ads-twitter.com https://bat.bing.com https://*.pardot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.syndication.twimg.com  https://go.majesco.com https://go.pardot.com https://*.mxpl.com https://*.mixpanel.com; img-src 'self' https: data: https://*.transistor.fm/ https://www.youtube.com/ https://*.gravatar.com https://www.google-analytics.com https://bat.bing.com https://t.co https://*.google.com https://*.twitter.com https://*.twimg.com  https://go.majesco.com https://go.pardot.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; font-src 'self' 'unsafe-inline' https: data: https://fonts.googleapis.com https://fonts.gstatic.com; media-src 'self' 'unsafe-inline' https: data: https://*.googleapis.com https://code.jquery.com https://www.youtube.com/ https://*.transistor.fm/; frame-src 'self' 'unsafe-inline' https: data:  https://*.googleapis.com https://code.jquery.com https://*.transistor.fm/ https://www.youtube.com/ https://go.majesco.com https://go.pardot.com https://*.twitter.com https://bid.g.doubleclick.net https://www.google.com 2
font-src *.fontawesome.com https://fonts.gstatic.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com https://www.google.com https://eu-west-1-wtb-tag-api.swaven.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleadservices.com www.google-analytics.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com www.youtube.com *.avada.io https://www.google.com https://www.gstatic.com https://storage.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.blueconic.net https://jdeco11112.pcapredict.com https://*.swaven.com https://*.usabilla.com https://*.boost.ai *.yotpo.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net https://d6tizftlrpuof.cloudfront.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.blueconic.net https://*.swaven.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.boost.ai *.yotpo.com https://bam.eu01.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://d6tizftlrpuof.cloudfront.net https://*.boost.ai 'self' 'unsafe-inline'; 2
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.newrelic.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com 'unsafe-inline' *.sessioncam.com 'unsafe-inline' *.adyen.com 'unsafe-inline' *.google.com 'unsafe-inline' *.gstatic.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval'; font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline' *.facebook.com 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.force.com nestle-forms.cs.blip.ai *.facebook.com data: *.adyen.com 'self' 'unsafe-inline'; img-src * 'unsafe-inline' data: widgets.magentocommerce.com  *.sessioncam.com s.ytimg.com data: *.adyen.com *.google.com 'self' 'unsafe-inline'; script-src *.evgnet.com *.salesforce.com *.doubleclick.net *.facebook.net *.force.com  *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleadservices.com s.ytimg.com  www.youtube.com *.adyen.com *.google.com google.com *.gstatic.com *.newrelic.com 'unsafe-inline' 'unsafe-eval' *.nr-data.net 'unsafe-inline' 'unsafe-eval' *.sessioncam.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.force.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'  https://stats.g.doubleclick.net *.google-analytics.com *.nr-data.net ws.sessioncam.com ; child-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.klevu.com *.global-e.com *.yotpo.com www.google-analytics.com 'self' 'unsafe-inline'; form-action *.twitter.com *.pcipalstaging.cloud *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.bglobale.com *.freshchat.com *.global-e.com www.google-analytics.com *.pcipalstaging.cloud *.useinsider.com *.vimeo.com *.zenaps.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com 'self' data: *.global-e.com *.klevu.com *.seasaltcornwall.com *.blucommerce.com *.yotpo.com yotpo-stool.s3.amazonaws.com *.contentsquare.net *.freshchat.com *.bing.com *.doubleclick.net *.google.com *.google.co.uk seasaltcornwall.com *.fbsbx.com *.kaltura.com *.pinterest.com *.securitymetrics.com *.zenaps.com *.awin1.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klevu.com *.bglobale.com *.yotpo.com js-agent.newrelic.com *.nr-data.net *.googletagmanager.com *.contentsquare.net *.freshchat.com *.bing.com *.doubleclick.net *.global-e.com *.google.com *.sub2tech.com *.cookielaw.org *.onetrust.com *.useinsider.com *.dwin1.com *.kaltura.com *.pinimg.com *.zenaps.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klevu.com *.yotpo.com t.contentsquare.net *.freshchat.com *.bing.com www.google-analytics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.vimeo.com *.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net performance.typekit.net commerce.adobe.net qa-api.magedevteam.com commerce-beta.adobe.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.brilliantcollector.com *.yotpo.com *.contentsquare.net *.freshchat.com *.bing.com *.nr-data.net *.klevu.com stats.g.doubleclick.net www.google-analytics.com *.edq.com wss://euwest1.pcipalstaging.cloud *.pcipalstaging.cloud *.cookielaw.org *.adyen.com *.useinsider.com *.pinterest.com *.onetrust.com 'self' 'unsafe-inline'; child-src blob: *.contentsquare.net *.seasaltcornwall.com 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://store.plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.google.com https://store.plumrocket.com https://accounts.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudfront.net www.google.com www.google.es www.googletagmanager.com stats.g.doubleclick.net *.onetrust.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.mczbf.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.google.com www.gstatic.com sl.google-analytics.com js-agent.newrelic.com bam.nr-data.net cdn.connectif.cloud geoip-js.com *.onetrust.com https://accounts.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com fonts.gstatic.com https://accounts.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.mczbf.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.google-analytics.com stats.g.doubleclick.net *.paypal.com bam.nr-data.net geoip-js.com *.connectif.cloud *.onetrust.com https://accounts.google.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' www.farmersbusinessnetwork.com track.gradable.com track.fbn.com; script-src 'self' www.farmersbusinessnetwork.com track.gradable.com track.fbn.com 'unsafe-inline' 'unsafe-eval' apis.google.com www.gstatic.com www.google.com app.certcapture.com *.googleapis.com js.stripe.com connect.facebook.net s.farmersbusinessnetwork.com; script-src-elem 'self' www.farmersbusinessnetwork.com track.gradable.com track.fbn.com 'unsafe-inline' apis.google.com www.gstatic.com www.google.com app.certcapture.com *.googleapis.com js.stripe.com connect.facebook.net s.farmersbusinessnetwork.com ; connect-src 'self' www.farmersbusinessnetwork.com track.gradable.com track.fbn.com sentry.io *.sentry.io cdn.contentful.com boards-api.greenhouse.io *amazonaws.com app.certcapture.com; style-src 'self' www.farmersbusinessnetwork.com track.gradable.com track.fbn.com 'unsafe-inline' app.certcapture.com *.googleapis.com; style-src-elem 'self' www.farmersbusinessnetwork.com track.gradable.com track.fbn.com *.gradable.com 'unsafe-inline' app.certcapture.com *.googleapis.com; font-src 'self' www.farmersbusinessnetwork.com track.gradable.com track.fbn.com data: fonts.gstatic.com; img-src data: blob: https: ; frame-src 'self' www.farmersbusinessnetwork.com track.gradable.com track.fbn.com track.gradable.com track.fbn.com *.youtube.com *.google.com js.stripe.com www.facebook.com fast.wistia.net www.recaptcha.net; child-src 'self' www.farmersbusinessnetwork.com track.gradable.com track.fbn.com www.youtube.com player.vimeo.com fast.wistia.net; media-src data:; object-src 'none'; report-uri /api/effu/eum/csp/report; 2
default-src 'self' https://script.crazyegg.com/; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://www.googleadservices.com https://s7.addthis.com/ https://cdn.jsdelivr.net/jquery.cookie/1.3/jquery.cookie.js https://edge.fullstory.com/s/fs.js https://fast.wistia.com/ https://go.blueacornici.com/analytics https://j.6sc.co/6si.min.js https://m.addthis.com/live/red_lojson/300lo.json https://script.crazyegg.com/ https://pi.pardot.com/ https://s7.addthis.com/js/300/addthis_widget.js https://script.crazyegg.com/pages/scripts/0086/5481.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://z.moatads.com/addthismoatframe568911941483/moatframe.js; style-src 'report-sample' 'unsafe-inline' 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://distillery.wistia.com https://*.google.com https://c.6sc.co/ https://*.tracking.crazyegg.com https://*.crazyegg.com https://secure.adnxs.com/ https://m.addthis.com https://rs.fullstory.com https://script.crazyegg.com https://www.google-analytics.com; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://assets.quadpay.com; frame-src 'self' https://*.addthis.com https://www.googletagmanager.com https://tpc.googlesyndication.com; img-src 'self' https://*.wistia.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://secure.gravatar.com https://www.google.com https://p.adsymptotic.com https://b.6sc.co https://px.ads.linkedin.com https://*.linkedin.com https://www.google-analytics.com; manifest-src 'self'; media-src 'self' https://cdn.hiretual.com https://*.wistia.com https://cdn.hiretual.com; report-uri https://9370cc4740bad4d453bbdb51fc542c83.report-uri.com/r/d/csp/reportOnly; worker-src 'none'; 2
default-src 'self' https: blob:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob: http:; connect-src 'self' https: api.ecobnb.net hits-i.iubenda.com cdnjs.cloudflare.com ajax.googleapis.com code.jquery.com insights.hotjar.com links.services.disqus.com *.hotjar.com *.optimizely.com wss://*.hotjar.com wss://*.ecobnb.com wss://ecobnb.it wss://ecobnb.fr wss://ecobnb.de; font-src 'self' https: fonts.gstatic.com sb.ecobnb.net sxt.cdn.skype.com maxcdn.bootstrapcdn.com data:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' http:; child-src *; frame-src *; report-uri https://2zkpbvapeqvwwp13110qnocb.httpschecker.net/report; 2
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.netreviews.eu cl.avis-verifies.com www.google.com www.google.fr *.facebook.com bat.bing.com *.linkedin.com *.avis-verifies.com *.netreviews.eu *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.kameleoon.com *.kameleoon.eu cl.avis-verifies.com cdn.lefebvre-sarrut.be *.facebook.com *.facebook.net bat.bing.com snap.licdn.com sdk.privacy-center.org www.google.com www.gstatic.com *.avis-verifies.com *.pardot.com *.larcier-intersentia.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.kameleoon.com *.kameleoon.eu *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es www.google-analytics.com bat.bing.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-src 'self' https://js.driftt.com; https://www.lacework.com; child-src 'self' https://js.driftt.com; https://www.lacework.com; script-src 'self' https://js.driftt.com; https://www.lacework.com; upgrade-insecure-requests 2
default-src 'self'; script-src 'report-sample' 'self' https://apis.google.com/js/plusone.js https://assets.pinterest.com/js/pinit.js https://connect.facebook.net/en_US/fbevents.js https://platform.twitter.com/widgets.js https://seal.thawte.com/getthawteseal https://ssl.google-analytics.com/ga.js https://translate.google.com/translate_a/element.js https://translate.googleapis.com/translate_static/js/element/main.js; style-src 'report-sample' 'self' https://translate.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self' https://accounts.google.com https://apis.google.com https://my.sendinblue.com https://platform.twitter.com https://www.facebook.com https://www.youtube.com; img-src 'self' https://i.ytimg.com https://log.pinterest.com https://ssl.google-analytics.com https://syndication.twitter.com https://www.facebook.com https://www.gstatic.com; manifest-src 'self'; media-src 'self'; report-uri https://5f466512b641482c3e7cf8aa.endpoint.csper.io/; worker-src 'none'; 2
font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://unpkg.com https://*.cloudfront.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://uploader.orbus.com wss://uploader.orbus.com https://unpkg.com https://s3.amazonaws.com https://settings.luckyorange.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri https://imkryiyepi.execute-api.eu-west-1.amazonaws.com/production/; default-src https: 'unsafe-inline' 'unsafe-eval'; script-src-elem script-src-elem https://ssl.google-analytics.com https://www.googletagservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://securepubads.g.doubleclick.net https://adservice.google.co.uk https://adservice.google.com https://tpc.googlesyndication.com 'unsafe-inline' 'self'; script-src https: https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.abstractscorecard.com www.googletagmanager.com www.mycadmium.com; style-src-elem 'unsafe-eval' 'unsafe-inline' www.abstractscorecard.com www.mycadmium.com; report-uri /csp-violation-report-endpoint/ 2
default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 2
default-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.disqus.com *.disquscdn.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.pinterest.com *.youtube.com disqus.com s.ytimg.com stephband.info https://thirdhour.org; connect-src https:; font-src data: https:; form-action https:; frame-src https:; child-src https:; img-src data: https:; manifest-src https:; media-src https:; object-src https:; upgrade-insecure-requests 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://csp.rcahms.gov.uk/ncap-live; 2
default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 2
default-src 'self' data:; report-uri /csp.cfm; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net; font-src 'self' data: https:; frame-ancestors 'self'; frame-src 'self' player.vimeo.com *.youtube.com www.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com ; img-src 'self' data: www.google-analytics.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com; connect-src 'self' www.google-analytics.com https://api.lever.co 2
font-src 'self' data: 'self' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net fonts.gstatic.com joinhoney.com cdn.joinhoney.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com s7.addthis.com imgs.signifyd.com amc.demdex.net 'self' 'self' data: criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net reebee.com www.reebee.com *.moneris.com h.online-metrix.net *.issuu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 6127557.global.siteimproveanalytics.io cdn.klarna.com img.youtube.com imgs.signifyd.com landofcoder.com mageside.com maps.gstatic.com maps.googleapis.com *.online-metrix.net www.bmr.ca www.mageworx.com 'self' 'unsafe-inline' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net www.google.ro www.google.be www.google.co.in www.google.fr www.google.dz adserve.atedra.com *.gstatic.com *.siteimprove.com *.siteimproveanalytics.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com www.youtube.com polyfill.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' data: 'unsafe-inline' data: 'unsafe-eval' data: s7.addthis.com maps.googleapis.com z.moatads.com v1.addthisedge.com m.addthis.com r2-t.trackedlink.net imgs.signifyd.com cdn-scripts.signifyd.com www.google.com 'self' 'unsafe-inline' 'unsafe-eval' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com *.algolia.net www.reebee.com reebee.com www.gstatic.com *.gstatic.com siteimproveanalytics.com bam.nr-data.net r2.dotmailer-surveys.com static.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com fonts.googleapis.com 'self' data: 'unsafe-inline' data: 'self' 'unsafe-inline' criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.algolia.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com m.addthis.com *.algolianet.com imgs.signifyd.com 'self' 'self' data: criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com polyfill.io ca.api4load.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'self' data: criteo.net criteo.com *.doubleclick.net twitter.com ads-twitter.com *.trackedlink.net cloudfront.net xg4ken.com bing.com getcandid.com amazonaws.com *.googletagmanager.com shopbot.ca pinimg.com pinterest.com adnxs.com yimg.com ytimg.com hotjar.com amazon-adsystem.com *.addthis.com *.addthisedge.com *.googleapis.com *.google-analytics.com *.googleadservices.com adroll.com jsdelivr.net typekit.net adsrvr.org rubiconproject.com casalemedia.com openx.net pubmatic.com *.facebook.net *.facebook.com www.bmr.ca www.unimat.ca www.agrizone.co www.lashop.com *.bootstrapcdn.com *.signifyd.com *.google.com *.google.ca *.youtube.com *.dotmailer.com *.dotmailer-surveys.com *.paypalobjects.com *.paypal.com *.newrelic.com *.algolianet.com polyfill.io *.algolia.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /pub/csp-report.php; report-to report-endpoint; 2
frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consentcdn.cookiebot.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consent.cookiebot.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: euronet-dev01.epayworldwide.com ; form-action 'none' data: blob: ; report-uri /csp_report 2
font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net tr.snapchat.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.gomoxie.solutions *.braintreegateway.com tr.snapchat.com *.doubleclick.net *.paypal.com *.paypalobjects.com *.google.com *.kaptcha.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com maps.gstatic.com *.doubleclick.net d1dwsi2ysdg1so.cloudfront.net us.coca-cola.com cocacola.scene7.com ct.pinterest.com *.facebook.com *.userway.org *.agkn.com *.google.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net rpxnow.com *.rpxnow.com forty11115.pcapredict.com *.gomoxie.solutions *.googleapis.com js-agent.newrelic.com *.google.com *.gstatic.com bam.nr-data.net *.coca-cola.com *.pricespider.com *.googletagmanager.com sc-static.net *.sc-static.net *.pinimg.com cdn.kxrd.net *.userway.org *.doubleclick.net connect.facebook.net cdn.krxd.net cdn.cookielaw.org api.addressy.com *.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com unsafe-inline d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.gomoxie.solutions p.typekit.net *.pricespider.com api.addressy.com cdn.cookielaw.org cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.shareacoke.com *.gomoxie.solutions bam.nr-data.net *.braintreegateway.com *.paypal.com *.google-analytics.com *.doubleclick.net *.coca-cola.com *.facebook.com ct.pinterest.com *.userway.org *.coke.com api.addressy.com *.ccnag.com *.paypalobjects.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cokestore.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://v.altos.re https://d3lvyvnpx5ojp0.cloudfront.net https://d2j5mmc5xd3gqs.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://cdn.mxpnl.com https://api.mixpanel.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.ckeditor.com https://code.highcharts.com https://code.angularjs.org https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com https://connect.facebook.net https://www.bugherd.com; style-src 'self' 'unsafe-inline' https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2v26nvc3n2c51.cloudfront.net https://cdn.staging.altos.re https://cdn.ckeditor.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://v.altos.re https://d2j5mmc5xd3gqs.cloudfront.net https://d3lvyvnpx5ojp0.cloudfront.net https://cdn.altos.re https://cdn.staging.altos.re https://ssl.google-analytics.com https://www.google-analytics.com https://s-static.ak.facebook.com https://www.facebook.com https://altosimages-staging.s3.amazonaws.com https://altosimages.s3.amazonaws.com https://api.url2png.com https://cdn.ckeditor.com https://q.stripe.com https://maps.googleapis.com https://www.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net; font-src 'self' https://v.altos.re https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://themes.googleusercontent.com https://www.bugherd.com; connect-src 'self' https://charts.altosresearch.com https://cdn.staging.altos.re https://cdn.altos.re wss://ws.pusherapp.com/app/edf8b9a8b50d1c28bb17 https://api.mixpanel.com https://www.bugherd.com https://checkout.stripe.com; object-src 'self' ; child-src https://www.facebook.com https://s-static.ak.facebook.com https://www.filestackapi.com https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://dialog.filestackapi.com; block-all-mixed-content; reflected-xss block; report-uri https://altos.report-uri.io/r/default/csp/reportOnly; 2
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com tvape.com torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de *.olark.com cdn.tvape.fr *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.google.com accounts.google.com hubspot.com forms.hubspot.com hsforms.net forms.hsforms.com hsforms.com js.hsforms.net stonersguardian.com api.payengine.de payengine.de signin.ebay.com auth.ebay.com ebay.com www.ebay.com *.cardinalcommerce.com tvape.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.dotdigital-pages.com *.dotdigital.com www.google.com accounts.google.com static.olark.com tracking.sezzle.com online.fliphtml5.com r1.dotmailer-surveys.com pp.payengine.de hsforms.net forms.hsforms.com dpm.demdex.net demdex.net youtu.be youtube.com stonersguardian.com api.payengine.de payengine.de player.vimeo.com 20813811p.rfihub.com *.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.google.com accounts.google.com torontovaporizer.ca cdn.torontovaporizer.ca tvape.com stats.g.doubleclick.net maps.gstatic.com d3svog4tlx445w.cloudfront.net static.olark.com log.olark.com data: media.sezzle.com i.ytimg.com www.googletagmanager.com maps.googleapis.com js.hsforms.net hsforms.net forms.hsforms.com forms.hubspot.com *.tvape.com dpm.demdex.net demdex.net chart.googleapis.com amcglobal.sc.omtrdc.net stonersguardian.com api.payengine.de payengine.de r1-t.trackedlink.net img.onesignal.com *.cardinalcommerce.com js.klevu.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com accounts.google.com embed.sendcloud.sc knrpc.olark.com static.cloudflareinsights.com maps.googleapis.com www.googletagmanager.com stats.g.doubleclick.net www.gstatic.com r1-t.trackedlink.net c1.rfihub.net a.rfihub.net pp.payengine.de static.olark.com assets.olark.com api.olark.com a.optnmstr.com widget.sezzle.com r1.dotmailer-surveys.com js.hsforms.net hsforms.net forms.hsforms.com *.vimeocdn.com dpm.demdex.net demdex.net stonersguardian.com ajax.cloudflare.com api.payengine.de payengine.de g594253005.co verify.bluecheck.me g1782759015.co.de g1782759015.co cdn.onesignal.com onesignal.com bam.nr-data.net *.cardinalcommerce.com script.crazyegg.com cdn.noibu.com cdn4.mxpnl.com *.mxpnl.com js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com static.olark.com media.sezzle.com fonts.googleapis.com hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com api.payengine.de payengine.de accounts.google.com onesignal.com cdn.tvape.fr verify.bluecheck.me *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.olark.com cdn.torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de cdn.tvape.fr *.cardinalcommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com accounts.google.com knrpc.olark.com api.omappapi.com geoip.sezzle.com media.sezzle.com www.google-analytics.com stats.g.doubleclick.net developer.google.com hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com api.payengine.de payengine.de bam.nr-data.net onesignal.com *.cardinalcommerce.com cdn.noibu.com script.crazyegg.com input.noibu.com *.noibu.com wss://input.noibu.com/pv_part verify.bluecheck.me *.bluecheck.me cdn4.mxpnl.com *.mxpnl.com api-js.mixpanel.com *.mixpanel.com *.ksearchnet.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 2
default-src 'self' *.ctfassets.net;img-src 'self' *.ctfassets.net *.facebook.com *.facebook.net *.googletagmanager.com *.google-analytics.com data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.gstatic.com;connect-src 'self' ws: *.contentful.com *.bugsnag.com *.google-analytics.com *.swish.nu *.facebook.com;object-src 'none';script-src 'self' 'unsafe-eval' *.facebook.net *.googletagmanager.com *.google-analytics.com 'sha256-EbIf/28oJqqS5jlA4F4cxAuQyBgLsbwNN3SaKD7SPG8=' 'sha256-fNl6dMU2ozNYP+OO/xe3UlSrQ/B7H/B5mYtcdLPGSWc=' 2
font-src *.gstatic.com 'self' data: *.doubleclick.net *.klevu.com *.zopim.com *.loyaltylion.com *.loyaltylion.net *.wpengine.com *.bootstrapcdn.com *.googleapis.com https://payments.amazon.co.uk https://static-eu.payments-amazon.com *.google.co.in *.google.co.uk *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.myfonts.net *.sagepay.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com pi-test.sagepay.com *.loyaltylion.com *.loyaltylion.net *.wpengine.com *.bootstrapcdn.com *.googleapis.com https://payments.amazon.co.uk https://static-eu.payments-amazon.com https://test.sagepay.com https://live.sagepay.com *.zopim.com wss://*.zopim.com *.google.co.in *.google.co.uk *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.sagepay.com https://store.plumrocket.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.doubleclick.net *.facebook.com *.youtube.com *.addthis.com *.demdex.net *.criteo.com *.sagepay.com *.mention-me.com *.cardinalcommerce.com *.vimeo.com *.izooto.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com pi-test.sagepay.com *.loyaltylion.com *.loyaltylion.net *.wpengine.com *.bootstrapcdn.com *.googleapis.com https://payments.amazon.co.uk https://static-eu.payments-amazon.com https://test.sagepay.com https://live.sagepay.com *.zopim.com wss://*.zopim.com https://rcgmal4n.klarnaservices.com *.klarnaservices.com *.dotmailer-surveys.com mention-me.com *.google.co.in *.google.co.uk *.googletagmanager.com r1.dotdigital-pages.com https://store.plumrocket.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.feefo.com *.nosto.com *.linksynergy.com *.dc-storm.com *.bing.com *.google.co.in *.google.co.uk *.googletagmanager.com d23yuld0pofhhw.cloudfront.net *.postcodeanywhere.co.uk *.klevu.com *.everesttech.net *.demdex.net *.omtrdc.net *.izooto.com *.google-analytics.com *.mention-me.com mention-me.com *.sagepay.com *.googleadservices.com *.paypal.com *.paypalobjects.com pi-test.sagepay.com *.loyaltylion.com *.loyaltylion.net *.wpengine.com *.googleapis.com https://payments.amazon.co.uk https://static-eu.payments-amazon.com https://www.facebook.com https://www.google-analytics.com *.zopim.com wss://*.zopim.com *.dotmailer-surveys.com blob: *.bootstrapcdn.com https://yznrgxhu.klarnaservices.com *.klarnaservices.com *.t.co *.traidcraftshop.co.uk yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.chimpstatic.com chimpstatic.com *.nosto.com *.trackedweb.net trackedweb.net *.zopim.com *.dotmailer-surveys.com *.pcapredict.com *.loyaltylion.com *.klevu.com *.bing.com *.rakuten.com *.zdassets.com *.jquery.com *.izooto.com *.windows.net *.criteo.net *.criteo.com *.addthis.com *.addthisedge.com *.moatads.com *.mention-me.com *.postcodeanywhere.co.uk *.google.co.in *.gstatic.com *.cloudflare.com *.sagepay.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com pi-test.sagepay.com *.loyaltylion.net *.wpengine.com *.bootstrapcdn.com *.googleapis.com https://payments.amazon.co.uk https://static-eu.payments-amazon.com https://eu-library.klarnaservices.com/ *.convertexperiments.com *.feefo.com *.google.co.uk *.twitter.com *.ads-twitter.com *.dwin1.com r1.dotdigital-pages.com *.newrelic.com *.nr-data.net *.trackedlink.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.loyaltylion.com *.klevu.com *.windows.net *.postcodeanywhere.co.uk *.sagepay.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com pi-test.sagepay.com *.loyaltylion.net *.wpengine.com *.bootstrapcdn.com fonts.googleapis.com https://payments.amazon.co.uk https://static-eu.payments-amazon.com *.zopim.com wss://*.zopim.com http://fonts.googleapis.com https://fonts.googleapis.com *.google.co.in *.google.co.uk *.google.com *.googletagmanager.com *.myfonts.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.trackedweb.net *.zdassets.com *.zopim.com wss://*.zopim.com *.doubleclick.net *.loyaltylion.com *.demdex.net *.postcodeanywhere.co.uk *.izooto.com *.addthis.com *.bing.com *.mention-me.com *.facebook.com *.sagepay.com *.googleadservices.com *.paypal.com *.paypalobjects.com pi-test.sagepay.com *.loyaltylion.net *.wpengine.com *.bootstrapcdn.com *.googleapis.com https://payments.amazon.co.uk https://static-eu.payments-amazon.com https://babea371.klarnauserservices.com *.feefo.com *.google.co.in *.google.co.uk *.google.com *.googletagmanager.com *.ksearchnet.com *.nr-data.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src js.playground.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.gstatic.com data: *.cloudfront.net 'self' 'unsafe-inline'; form-action *.computop-paygate.com *.paypal.com *.girogate.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com https://googleads.g.doubleclick.net/ *.google.com *.google.de *.amazon.com *.payments-amazon.com *.amazon.de *.amazon.fr *.cloudfront.net *.awin1.com *.criteo.net *.criteo.com *.klarna.com https://cdn.loadbee.com/js/loadbee_integration.js 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validate.fishpig.co.uk https://www.valmano.com https://www.valmano.fr https://www.valmano.nl https://www.valmano.de https://www.valmano.at https://www.valmano.be https://www.valmano.se data: *.amazonaws.com *.cloudfront.net *.g.doubleclick.net *.google.com *.google.de *.bing.com *.facebook.com *.yahoo.com *.dwin1.com *.awin1.com *.addthis.com *.adnxs.com *.adscale.de *.adform.net *.advertising.com *.bidswitch.net *.casalemedia.com *.criteo.com *.tremorhub.com *.teads.tv *.ads.yieldmo.com *.demdex.net *.e-planning.net *.ivitrack.com *.liadm.com *.media.net *.omnitagjs.com *.outbrain.com *.openx.net *.pubmatic.com *.rubiconproject.com *.s24.com *.smaato.net *.smartclip.net *.smartadserver.com *.stickyadstv.com *.taboola.com *.3lift.com *.yandex.ru *.yieldlab.net *.360yield.com *.klarnacdn.net 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com jquery.sellxed.com *.google.com *.googletagmanager.com *.gstatic.com *.g.doubleclick.net https://cdn.jsdelivr.net *.zencdn.net *.payments-amazon.com *.scarabresearch.com *.amazon.de *.amazon.fr *.bing.com *.facebook.net *.dwin1.com *.awin1.com *.criteo.net *.criteo.com *.s24.com *.klarnacdn.net https://cdn.loadbee.com/js/loadbee_integration.js *.baqend.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.zencdn.net *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com https://stats.g.doubleclick.net *.amazon.com *.scarabresearch.com *.amazon.de *.amazon.fr *.klarnaevt.com *.klarna.com https://cdn.loadbee.com/js/loadbee_integration.js *.baqend.com *.cloudfront.net *.paypal.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.valmano.com/fakeurl; report-to report-endpoint; 2
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com acuityplatform.com ajax.googleapis.com cdn.onesignal.com dynamic.cannedbanners.com js-agent.newrelic.com nsg.symantec.com onesignal.com seal.godaddy.com *.freedommunitions.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com acuityplatform.com bam.nr-data.net maps.google.com pixel.mathtag.com a2.adform.net 279-ct.c3tag.com maps.googleapis.com 2
frame-ancestors 'none'; report-uri https://bandcamp.com/api/cspreport/1/violation 2
default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval';connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net;frame-src *.doubleclick.net *.google.* *.facebook.com www.googleadservices.com;report-uri https://www.facebook.com/csp/reporting/; 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://biggreensmile.report-uri.io/r/default/csp/reportOnly 2
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.weltpixel.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de maps.googleapis.com *.gstatic.com *.cdninstagram.com *.fbcdn.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de maps.googleapis.com ajax.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'nonce-46577dcdcab5537abdae1728cf048724'; connect-src 'self' 'nonce-46577dcdcab5537abdae1728cf048724' https://market-proxy.b2bx.cloud wss://market-proxy.b2bx.cloud; img-src 'self' data:; script-src 'self' 'nonce-46577dcdcab5537abdae1728cf048724'; object-src 'none'; font-src 'self' https://fonts.gstatic.com/ 'nonce-46577dcdcab5537abdae1728cf048724'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://moneybird.disqus.com https://disqus.com https://c.disquscdn.com https://maps.googleapis.com https://bat.bing.com https://*.demio.com https://d3s4clg74dg0wr.cloudfront.net https://zapier.com https://plausible.io; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.gstatic.com https://c.disquscdn.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com https://*.demio.com; img-src 'self' https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://referrer.disqus.com https://c.disquscdn.com https://www.google.nl https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://bat.bing.com https://zapier.com https://cdn.zapier.com data:; object-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://bat.bing.com https://www.google-analytics.com https://www.gstatic.com https://moneybird.com https://glitter.services.disqus.com https://homerun.co https://stats.g.doubleclick.net https://*.demio.com https://plausible.io/; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://disqus.com https://www.youtube.com https://www.youtube-nocookie.com https://moneybird.clickwebinar.com https://w.soundcloud.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://moneybird.com/csp_report 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net js.usemessages.com connect.facebook.net https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.gstatic.com www.verasafe.com *.hsforms.net *.hsforms.com js.hsleadflows.net www.recaptcha.net js.hs-banner.com ; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com fonts.googleapis.com; img-src 'self' img.youtube.com i.ytimg.com track.hubspot.com www.google.com www.google.co.in www.google-analytics.com stats.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.cloudfront.net *.hsforms.com *.linkedin.com px.ads.linkedin.com p.adsymptotic.com; media-src 'self' *.youtube.com ; frame-src 'self' *.youtube.com staticxx.facebook.com forms.hsforms.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com www.recaptcha.net; frame-ancestors 'self' *.youtube.com ; child-src 'self' *.youtube.com ; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.googlevideo.com api.hubspot.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com forms.hubspot.com; report-uri /report-csp-violation 2
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com api.razorpay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com cdn.razorpay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com lumberjack.razorpay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.cloudflare.com *.sfdcstatic.com *.gstatic.com 'self' data: *.myafterpay.com *.psp.com *.googletagmanager.com *.v-psp.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://qlfbrands.my.salesforce.com *.gstatic.com *.myafterpay.com *.psp.com *.googletagmanager.com *.v-psp.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.cloudflare.com *.keurmerk.info *.pinterest.com 'self' data: *.gstatic.com *.googleapis.com *.trustedshops.com *.myafterpay.com *.psp.com *.googletagmanager.com *.v-psp.com 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.adyen.com *.cloudflare.com *.webeyez.com *.trustedshops.com https://connect.ekomi.de *.salesforce.com *.googletagmanager.com *.salesforceliveagent.com https://qlfbrands.my.salesforce.com *.googleapis.com *.pinterest.com *.myafterpay.com *.psp.com *.v-psp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.fontawesome.com https://qlfbrands.my.salesforce.com *.gstatic.com *.myafterpay.com *.psp.com *.googletagmanager.com *.v-psp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.cloudflare.com *.webeyez.com *.trustedshops.com *.gstatic.com *.etrusted.com *.myafterpay.com *.psp.com *.googletagmanager.com *.v-psp.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.w3.org data: *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
report-uri https://sentry.pressly.io/api/66/csp-report/?sentry_key=d0e35ce9d59a42b8b1ec472c0792de84; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:3000 http://dev.pressly.io about: data: https: 2
default-src 'self'; script-src 'self' 'sha256-MdC6fOvaO+dJENLQhOoRht9sHSJ++GoMxjtC5lOpUww=' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; style-src 'self' 'report-sample'; img-src *; base-uri 'none'; object-src 'none'; report-uri https://ryanseddon.report-uri.com/r/d/csp/reportOnly; report-to csp-endpoint; 2
default-src 'unsafe-inline' 'unsafe-eval' data: https:; 2
font-src fonts.googleapis.com fonts.gstatic.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.criteo.com https://*.criteo.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.google.com https://googleads.g.doubleclick.net https://assets.braintreegateway.com https://*.kaptcha.com https://vars.hotjar.com https://c.paypal.com https://ez-prints.sjv.io https://target-prints.pxf.io *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://*.criteo.com https://c.bing.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://secure.adnxs.com https://ads.yahoo.com/ https://*.analytics.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://r.casalemedia.com https://s.ad.smaato.net https://*.aralego.com https://rtb-csync.smartadserver.com https://simage2.pubmatic.com https://*.taboola.com https://pixel.advertising.com https://us-u.openx.net https://contextual.media.net https://match.sharethrough.com https://ad.360yield.com https://tg.socdm.com https://*.stickyadstv.com https://tags.bluekai.com https://cw.addthis.com https://trends.revcontent.com https://email.traversedlp.com https://idsync.rlcdn.com https://*.dotomi.com https://jadserve.postrelease.com https://match.adsrvr.org https://ade.clmbtech.com https://tapestry.tapad.com https://nep.advangelists.com https://ad.turn.com https://ums.acuityplatform.com https://ad.yieldlab.net https://sync.ad-stir.com https://matching.ivitrack.com https://ads.yieldmo.com https://stats.g.doubleclick.net https://www.google.com https://s3.amazonaws.com https://apps.ezprints.com https://maps.gstatic.com https://bat.bing.com https://maps.googleapis.com/ https://*.stats.paypal.com https://cdn.klarna.com https://c.paypal.com https://ez-prints.sjv.io https://target-prints.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://www.googletagmanager.com https://sca1.listrakbi.com https://s1.listrakbi.com https://fp.listrakbi.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.criteo.com https://*.criteo.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://bat.bing.com https://ajax.cloudflare.com https://www.googleadservices.com https://*.hotjar.com https://*.paypal.com https://*.braintreegateway.com/ https://d.impactradius-event.com https://cdn.listrakbi.com https://s1.listrakbi.com https://at1.listrakbi.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdn.listrakbi.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com https://*.sandbox.braintree-api.com https://*.braintree-api.com https://client-analytics.braintreegateway.com https://stats.g.doubleclick.net/ https://*.hotjar.com wss://*.hotjar.com https://www.paypal.com https://ez-prints.sjv.io https://target-prints.pxf.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.nosto.com *.nos.to *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.nosto.com *.nos.to *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; report-uri https://almexx.report-uri.io/r/default/csp/reportOnly 2
font-src *.typekit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com static.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.paulandshark.com paulandshark.com *.typekit.net www.google.it www.google.com bat.bing.com www.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.typekit.net *.klarnaservices.com www.googletagmanager.com *.tradedoubler.com static.hotjar.com bat.bing.com script.crazyegg.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.klarnauserservices.com *.klarnaservices.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net script.crazyegg.com https://geoip-js.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com *.typekit.net *.gstatic.com *.googleapis.com *.bazaarvoice.com *.xisecurenet.com data: acsbap.com acsbapp.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es api.bazaarvoice.com stg.api.bazaarvoice.com *.facebook.com *.takemefishing.org 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.magentocommerce.com *.adobedtm.com *.cardinalcommerce.com *.bazaarvoice.com *.google.com *.youtube.com *.facebook.com *.xisecurenet.com *.paymetric.com *.doubleclick.net *.fishbrain.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com *.klaviyo.com *.googleadservices.com *.google-analytics.com *.paypal.com data: *.zebco.com *.magentocommerce.com *.adobedtm.com *.cardinalcommerce.com *.google.com *.doubleclick.net *.gstatic.com *.facebook.com insight.adsrvr.org *.xisecurenet.com *.bazaarvoice.com *.googletagmanager.com ib.adnxs.com pixel.advertising.com match.adsrvr.org *.yahoo.com pixel.rubiconproject.com *.bidswitch.net dsum-sec.casalemedia.com *.googleapis.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.typekit.net/ *.pixriot.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://static.klaviyo.com https://fast.a.klaviyo.com *.bazaarvoice.com *.google-analytics.com *.gstatic.com *.magentocommerce.com *.cardinalcommerce.com *.google.com *.googletagmanager.com *.googleapis.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.facebook.net *.xisecurenet.com *.newrelic.com bam.nr-data.net *.experticity.com *.iesnare.com *.typekit.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com display.ugc.bazaarvoice.com *.typekit.net/ *.fonts.net *.googleapis.com *.gstatic.com *.bazaarvoice.com *.xisecurenet.com *.klaviyo.com *.myfonts.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klaviyo.com *.paypal.com *.magentocommerce.com *.adobedtm.com *.cardinalcommerce.com *.google.com *.google-analytics.com acsbap.com *.acsbap.com acsbapp.com *.acsbapp.com accessibe.com *.accessibe.com *.xisecurenet.com *.bazaarvoice.com *.experticity.com bam.nr-data.net *.facebook.net cdn.acsbap.com cdn.acsbapp.com google-analytics.com stats.g.doubleclick.net *.pixriot.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
worker-src blob:; font-src *.fontawesome.com *.narvar.com *.narvar.qa https://cdnjs.cloudflare.com *.cloudflare.com *.typekit.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.twitter.com *.youtube.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.googletagmanager.com *.facebook.com *.hotjar.com *.twitter.com *.demdex.net *.doubleclick.net *.test.adyen.com *.live.adyen.com https://www.youtube.com *.youtube.com *.vimeo.com *.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.narvar.com *.narvar.qa https://s.ytimg.com *.ytimg.com *.magentocommerce.com *.paypal.com *.cloudfront.net *.amazon.com *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.bigcontent.io *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.emdex.net *.everesttech.net data: *.avada.io *.visualwebsiteoptimizer.com *.bing.com *.facebook.com *.quantserve.com *.doubleclick.net *.google.com *.google.be *.google.co.in *.omtrdc.net *.demdex.net *.dickieslife.com *.amasty.com http://fulluat-vfc.cs87.force.com *.test.adyen.com *.live.adyen.com blob: *.googletagmanager.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com *.avada.io https://cdnjs.cloudflare.com *.google.com *.googletagmanager.com *.googleadservices.com *.hotjar.com *.cookielaw.org *.pingdom.net *.cardinalcommerce.com *.onetrust.com *.facebook.net *.bing.com *.visualwebsiteoptimizer.com *.authorize.net *.braintreegateway.com *.signifyd.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada-popup.min.js *.quantserve.com *.quantcount.com *.doubleclick.net *.webgains.io *.salesforceliveagent.com *.gstatic.com *.webgains.com https://w-it.m-t.io *.googleapis.com *.test.adyen.com *.live.adyen.com *.vimeocdn.com *.datadoghq-browser-agent.com *.datadoghq.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cookielaw.org *.pingdom.net *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.com *.amazonpay.jp mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.avada-popup.min.js *.emdex.net *.everesttech.net *.doubleclick.net www.google-analytics.com *.avada.io *.visualwebsiteoptimizer.com *.hotjar.com *.paypal.com *.paypalobjects.com *.demdex.net *.hotjar.io *.bing.com *.adyen.com *.test.adyen.com *.live.adyen.com https://www.youtube.com *.youtube.com *.onetrust.com *.go-mpulse.net *.akstat.io/ *.datadoghq-browser-agent.com *.datadoghq.eu 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.authorize.net www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.sagepay.com https://js.klevu.com http://js.klevu.com https://fonts.gstatic.com http://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.sagepay.com https://widget.trustpilot.com http://widget.trustpilot.com https://lpcdn.lpsnmedia.net http://lpcdn.lpsnmedia.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.paypal.com *.sagepay.com https://cdn-images.mailchimp.com http://cdn-images.mailchimp.com https://connect.nosto.com http://connect.nosto.com https://js.klevu.com http://js.klevu.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.sagepay.com https://www.fencestore.co.uk http://www.fencestore.co.uk https://www.shedstore.co.uk http://www.shedstore.co.uk https://www.buyfencingdirect.co.uk http://www.buyfencingdirect.co.uk https://www.buyshedsdirect.co.uk http://www.buyshedsdirect.co.uk https://www.buylogcabinsdirect.co.uk http://www.buylogcabinsdirect.co.uk https://www.greatlittlegarden.co.uk http://www.greatlittlegarden.co.uk https://www.bmgardenbuildings.co.uk http://www.bmgardenbuildings.co.uk https://js.klevu.com http://js.klevu.com https://accdn.lpsnmedia.net http://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net http://lpcdn.lpsnmedia.net https://lptag.liveperson.net http://lptag.liveperson.net https://lo.v.liveperson.net http://lo.v.liveperson.net https://connect.nosto.com http://connect.nosto.com https://widget.trustpilot.com http://widget.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sagepay.com https://www.fencestore.co.uk http://www.fencestore.co.uk https://www.shedstore.co.uk http://www.shedstore.co.uk https://www.buyfencingdirect.co.uk http://www.buyfencingdirect.co.uk https://www.buyshedsdirect.co.uk http://www.buyshedsdirect.co.uk https://www.buylogcabinsdirect.co.uk http://www.buylogcabinsdirect.co.uk https://www.greatlittlegarden.co.uk http://www.greatlittlegarden.co.uk https://www.bmgardenbuildings.co.uk http://www.bmgardenbuildings.co.uk https://fonts.googleapis.com http://fonts.googleapis.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://js.klevu.com http://js.klevu.com https://cdn-images.mailchimp.com http://cdn-images.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.youtube.com js.braintreegateway.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src data: *.gstatic.com 'self' data: 'unsafe-inline' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.pmnts-sandbox.io *.doubleclick.net *.vimeo.com *.hotjar.com *.clickmeter.com wss://*.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com *.klarnacdn.net *.klarnaservices.com *.facebook.com *.pinterest.com *.facebook.com/tr *.google.com *.google.com.au *.roymorgan.com *.doubleclick.net data: *.facebook.net *.googleapis.com *.gstatic.com *.zipmoney.com.au *.imgix.net 'self' 'unsafe-inline'; script-src *.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com js.braintreegateway.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.abtasty.com *.facebook.net *.googletagmanager.com *.google.com *.google.com.au *.pmnts.io *.pmnts-sandbox.io *.afterpay.com *.doubleclick.net *.pinimg.com *.particularaudience.com *.cfjump.com *.roymorgan.com *.cloudfront.net *.forter.com *.usabilla.com wss://widget-mediator.zopim.com *.hotjar.com *.attraqt.io *.newrelic.com *.js-agent.newrelic.com *.nr-data.net *.klarnacdn.net *.braintreegateway.com *.cardinalcommerce.com *.ccdc02.com *.ytimg.com *.googleadservices.com *.google-analytics.com *.zipmoney.com.au *.gstatic.com *.googleapis.com *.paypal.com *.paypalobjects.com *.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com *.static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com *.abtasty.com *.zdassets.com *.youtube.com *.facebook.com *.pinterest.com *.google.com *.google.com.au *.cardinalcommerce.com *.cloudfront.net/ *.luckyorange.net *.google-analytics.com *.forter.com wss://*.zopim.com *.doubleclick.net *.attraqt.io *.zipmoney.com.au *.hotjar.io wss://*.hotjar.com *.zip.co *.nr-data.net *.hotjar.com *.trurating.com *.analytics.tiktok.com wss://*.forter.com *.paypal.com *.zendesk.com 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; report-uri /_/tools/cspr.php 2
font-src use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.fontawesome.com *.cloudflare.com *.typekit.net *.gstatic.com *.trustedshops.com *.bootstrapcdn.com *.yotpo.com *.intercomcdn.com *.smct.co smct.co *.smct.io 'self' data: *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com swellrewards.com cdn.swellrewards.com *.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com swellrewards.com cdn.swellrewards.com *.youtube.com *.smct.co smct.co *.smct.io *.veinteractive.com *.google.com *.google.co.uk *.doubleclick.net *.g.doubleclick.net *.hotjar.com *.zenaps.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com swellrewards.com cdn.swellrewards.com www.xtento.com cdn.xtento.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu *.bing.com *.smct.co smct.co *.smct.io *.amazonaws.com *.s3.amazonaws.com *.atdmt.com *.g.doubleclick.net *.facebook.net *.googletagmanager.com *.gstatic.com *.google.com *.google.co.uk *.googleusercontent.com 'unsafe-inline' data: *.klaviyo.com *.a.klaviyo.com *.kaltura.com *.cloudfront.net *.awin1.com *.zenaps.com *.volvelle.tech *.bidswitch.net *.veinteractive.com 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com swellrewards.com cdn.swellrewards.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://fast.a.klaviyo.com *.googletagmanager.com *.facebook.net *.avada.io *.cloudflare.com googleads.g.doubleclick.net *.gstatic.com *.google.com *.bing.com *.trustedshops.com *.usercentrics.eu *.scarabresearch.com *.cloudfront.net *.dwin1.com *.criteo.com *.criteo.net *.veinteractive.com *.smct.co smct.co *.smct.io *.civiccomputing.com *.cdn.civiccomputing.com cc.cdn.civiccomputing.com *.hotjar.com *.intercom.io *.intercomcdn.com *.kaltura.com *.klaviyo.com *.a.klaviyo.com *.sciencebehindecommerce.com *.zenaps.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com swellrewards.com cdn.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.typekit.net *.googleapis.com *.trustedshops.com *.usercentrics.eu www.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net *.gstatic.com *.google.com *.klaviyo.com *.a.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.yotpo.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com swellrewards.com cdn.swellrewards.com *.klaviyo.com *.google-analytics.com *.cloudflare.com *.paypal.com *.adyen.com *.craftyclicks.co.uk *.smct.co smct.co *.smct.io *.veinteractive.com *.scarabresearch.com *.amazonaws.com stats.g.doubleclick.net *.civiccomputing.com *.cdn.civiccomputing.com cc.cdn.civiccomputing.com wss: *.intercom.io *.intercomcdn.com *.a.klaviyo.com *.sciencebehindecommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src https://*.online-metrix.net https://imgs.signifyd.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com https://www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src https://imgs.signifyd.com https://*.online-metrix.net www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com img.youtube.com maps.googleapis.com maps.gstatic.com p.typekit.net *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es data: 'self' 'unsafe-inline'; script-src https://cdn-scripts.signifyd.com https://imgs.signifyd.com jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com maps.googleapis.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://imgs.signifyd.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net vimeo.com *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self';base-uri 'self';block-all-mixed-content;font-src * data:;frame-ancestors 'self';img-src https:;object-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';script-src-attr 'none';style-src https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' dc.services.visualstudio.com *.google.com *.facebook.com wss://*.hotjar.com *.hotjar.com *.hotjar.io s.yimg.com bat.bing.com *.google-analytics.com stats.g.doubleclick.net;frame-src https:;report-uri /csp-report;report-to csp-report 2
default-src 'self' data: reedexpo-service.com *.youtube-nocookie.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' reedexpo-service.com *.googletagmanager.com *.google-analytics.com www.gstatic.com/recaptcha/ www.youtube.com *.ytimg.com www.google.com *.googleapis.com *.google.com www.googleadservices.com www.googletagmanager.com *.cookielaw.org *.onetrust.com connect.facebook.net; style-src 'self' data: 'unsafe-inline'; img-src 'self' data: reedexpo-service.com www.barconvent.com *.cookielaw.org *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.com connect.facebook.net www.google.de www.google.com www.google.at *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' data: *.google-analytics.com reedexpo-service.com *.cookielaw.org *.onetrust.com *.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com fast.fonts.net; media-src 'self' data:; object-src 'self' data:; child-src 'self' data: *.youtube-nocookie.com www.google.com reedexpo-service.com *.google.com; frame-ancestors 'self' data: 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' data: blob: ; report-uri /csp_report 2
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: ;frame-ancestors 'self'; report-uri /csp-violation-report-endpoint/ 2
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.googleapis.com *.yotpo.com 'self' data: *.typekit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.mercadolibre.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com *.yotpo.com *.google.com *.google.com.ar *.facebook.com *.doubleclick.net *.sparta.cl newbalance.cl 'self' data: www.xtento.com cdn.xtento.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net js.braintreegateway.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.fanplayr.com *.facebook.net *.yotpo.com *.newrelic.com *.nr-data.net *.doubleclick.net *.magentosite.cloud *.target2sell.com www.xtento.com cdn.xtento.com *.mlstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.googleapis.com *.sparta.cl *.newbalance.cl *.yotpo.com *.fonts.net *.magentosite.cloud 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net performance.typekit.net commerce.adobe.net qa-api.magedevteam.com commerce-beta.adobe.io *.google-analytics.com *.yotpo.com *.nr-data.net *.target2sell.com *.mercadopago.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://spartacl.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com *.wesupply.xyz 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-xUQcjHXkAfsqgYPp5eXPEjb+c/CcEfnvUxHuSLGcvrc='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 2
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.marcelle.com *.cloudmaestro.com staticw2.yotpo.com widget-mediator.zopim.com *.cloudflare.com acuityplatform.com *.google.com chimpstatic.com www.googletagmanager.com *.google-analytics.com analytics.twitter.com *.facebook.net *.hotjar.com static.zdassets.com platform.instagram.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.zendesk.com *.criteo.net www.youtube.com s.ytimg.com *.criteo.com ajax.googleapis.com api.instagram.com www.instagram.com app.purechat.com widget.surveymonkey.com secure-cdn.mplxtms.com snap.licdn.com *.annabelle.com www.lisewatier.com www.lisewatier.us www.salesgroupemarcelle.com www.googleadservices.com secure.adnxs.com ib.adnxs.com platform.twitter.com s.pinimg.com googleads.g.doubleclick.net static.ads-twitter.com *.queue-it.net marcelle.us5.list-manage.com tpc.googlesyndication.com ws1.postescanada-canadapost.ca 2
default-src self; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk apps.nestle.com apps.nestle.co.uk *.newrelic.com *.betrad.com bam-cell.nr-data.net *.addtoany.com cdnjs.cloudflare.com *.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com  *.serving-sys.com *.igodigital.com connect.facebook.net *.krxd.net *.cloudfront.net *.pricespider.com s.pinimg.com js.adsrvr.org api.tiles.mapbox.com unpkg.com cdn.hypemarks.com *.gigya.com *.ads-twitter.com *.twitter.com cdn.az.ciam.nestle.com *.nestle.com www.gstatic.com www.googleadservices.com *.juicer.io googleads.g.doubleclick.net ds.serving-sys.com; style-src 'self' 'unsafe-inline' *.nestlepurelife.com *.acsitefactory.com fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.fusepump.com *.youtube.com cloud.typography.com  *.acsitefactory.com *.google.com *.nestlewaters.com *.nestlepurelife.com *.pricespider.com d6uvc6aer7eax.cloudfront.net api.tiles.mapbox.com maxcdn.bootstrapcdn.com apps.nestle.co.uk *.juicer.io; img-src 'self' blob: data: *.googleapis.com *.youtube.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.google-analytics.com *.doubleclick.net *.google.com *.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to *.fusepump.com *.evidon.com  *.igodigital.com www.facebook.com *.krxd.net *.nestlewaters.com *.nestlewaters.com ct.pinterest.com d6uvc6aer7eax.cloudfront.net trz.neodatagroup.com insight.adsrvr.org *.pricespider.com kwptg.kantarworldpanel.fr di.rlcdn.com t.co apps.nestle.co.uk *.amazon-adsystem.com *.mookie1.com; frame-src 'self' *.addtoany.com *.youtube.com *.youtu.be *.evidon.com  *.doubleclick.net *.krxd.net *.fusepump.com www.facebook.com insight.adsrvr.org s.amazon-adsystem.com www.contattigrupposanpellegrino.it cdn.hypemarks.com *.gigya.com open.spotify.com www.google.com; frame-ancestors 'self'; child-src 'self' blob: data: *.addtoany.com *.youtube.com *.youtu.be *.evidon.com  *.doubleclick.net *.krxd.net; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com apps.nestle.co.uk static.juicer.io; connect-src 'self' data: *.fusepump.com www.facebook.com *.doubleclick.net *.google-analytics.com  collect.analyze.ly secure-ds.serving-sys.com bam-cell.nr-data.net ct.pinterest.com cdn.hypemarks.com *.mapbox.com apps.nestle.co.uk; report-uri /report-csp-violation 2
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://www.google.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.paypal.com https://s.ytimg.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.yotpo.com *.player.vimeo.com *.authorize.net webchat.dotdigital.com *.newrelic.com *.nr-data.net bam.nr-data.net https://www.google.com https://www.gstatic.com cdn.dnky.co api.comapi.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com fonts.googleapis.com www.google-analytics.com *.trackedlink.net *.trackedweb.net *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net *.dotdigital-pages.com webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es geostag.cardinalcommerce.com *.nr-data.net bam.nr-data.net cdn.dnky.co yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.paypal.com www.google-analytics.com *.yotpo.com *.vimeo.com *.player.vimeo.com *.vimeocdn.com *.authorize.net js.braintreegateway.com assets.adobedtm.com secure.authorize.net test.authorize.net webchat.dotdigital.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.fr *.payments-amazon.es *.nr-data.net bam.nr-data.net api.comapi.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com https://*.typekit.net *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net *.klevu.com *.ksearchnet.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.plugins.emarsys.net *.scarabresearch.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com https://*.googleapis.com https://*.typekit.net *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net performance.typekit.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.scarabresearch.com *.eservice.emarsys.net https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net *.klevu.com *.ksearchnet.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
true 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://platform.twitter.com https://plusone.google.com https://facebook.com https://platform.twitter.com https://apis.google.com https://www.google-analytics.com https://secure.gravatar.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com https://www.google.com https://use.fontawesome.com https://stats.wp.com https://s0.wp.com https://ajax.googleapis.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://secure.gravatar.com; img-src 'unsafe-inline' 'self' https://pixel.wp.com https://www.google-analytics.com https://stats.g.doubleclick.net data:; font-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://use.fontawesome.com https://fonts.gstatic.com https://wordpress.com data:; frame-src 'self' https://www.google.com; 2
media-src https://*.yahoo.com https://*.amazonaws.com https://*.smushcdn.com https://*.usemessages.com https://*.facebook.com https://*.google.com https://*.vimeo.com https://*.fbcdn.net https://*.instagram.com https://*.cloudfront.net https://www.harvestbyhillwood.com; img-src https://*.g.doubleclick.net https://*.google-analytics.com https://*.typekit.net https://*.googleadservices.com https://*.cdninstagram.com https://*.vimeo.com https://*.unionparkbyhillwood.com https://*.analytics.yahoo.com https://*.amazonaws.com https://*.facebook.com https://*.yahoo.com https://*.googleapis.com https://*.fbcdn.net https://*.cloudfront.net https://*.smushcdn.com https://*.google.com https://*.usemessages.com https://*.hubspot.com https://*.harvestbyhillwood.com https://*.s3.us-east-2.amazonaws.com https://*.instagram.com https://www.google.com.ng https://www.google.com.jm https://www.google.ae https://www.google.bj https://forms.hsforms.com https://www.google.com.mt https://www.rossperot.com https://pixel.spotify.com https://www.google.ca https://www.google.am https://www.google.co.jp https://connect.facebook.net https://www.google.co.uk https://www.google.com.mx https://googletagmanager.com; object-src https://*.smushcdn.com; worker-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.smushcdn.com https://*.yahoo.com https://*.facebook.com https://*.vimeo.com https://*.hsforms.com https://*.twitter.com https://*.googleapis.com https://*.g.doubleclick.net https://*.usemessages.com https://*.hsforms.net https://*.amazonaws.com https://*.googleadservices.com https://*.cloudflare.com https://*.yahooapis.com https://*.wishpond.net https://*.harvestbyhillwood.com https://*.cloudfront.net https://*.typekit.net https://*.instagram.com https://*.smarttouchinteractive.com https://*.fbcdn.net https://*.hs-analytics.net https://*.google.com https://*.hs-scripts.com https://www.rossperot.com https://www.google-analytics.com https://connect.facebook.net https://us.jsagent.tcell.insight.rapid7.com/; manifest-src 'none'; style-src 'unsafe-inline' 'unsafe-eval' https://*.facebook.com https://*.cloudflare.com https://*.wishpond.net https://*.typekit.net https://*.harvestbyhillwood.com https://*.fbcdn.net https://*.usemessages.com https://*.vimeo.com https://*.googleapis.com https://*.google.com https://*.cloudfront.net https://*.hsforms.net https://*.facebook.net https://*.yahoo.com https://*.s3.us-east-2.amazonaws.com https://*.smushcdn.com https://use.fontawesome.com https://www.rossperot.com; font-src https://*.amazonaws.com https://*.typekit.net https://*.cloudflare.com https://*.harvestbyhillwood.com https://*.facebook.com https://*.googleapis.com https://*.fontawesome.com/ https://*.gstatic.com https://*.instagram.com https://*.usemessages.com https://*.google.com https://*.unionparkbyhillwood.com https://*.fbcdn.net https://www.rossperot.com https://use.fontawesome.com; child-src https://*.amazonaws.com https://*.fbcdn.net https://*.smushcdn.com https://*.wishpond.net https://*.vimeo.com https://*.googleapis.com https://*.instagram.com https://*.google.com https://*.g.doubleclick.net https://*.newhomesource.com https://*.yahoo.com https://*.facebook.com https://*.twitter.com https://*.usemessages.com https://www.youtube.com https://tpc.googlesyndication.com https://us.browser.tcell.insight.rapid7.com/ https://www.harvestbyhillwood.com https://forms.hsforms.com https://www.googletagmanager.com https://js.hscollectedforms.net; frame-src https://*.amazonaws.com https://*.fbcdn.net https://*.smushcdn.com https://*.wishpond.net https://*.vimeo.com https://*.googleapis.com https://*.instagram.com https://*.google.com https://*.g.doubleclick.net https://*.newhomesource.com https://*.yahoo.com https://*.facebook.com https://*.twitter.com https://*.usemessages.com https://www.youtube.com https://tpc.googlesyndication.com https://us.browser.tcell.insight.rapid7.com/ https://www.harvestbyhillwood.com https://forms.hsforms.com https://www.googletagmanager.com https://js.hscollectedforms.net; connect-src https://*.google-analytics.com https://*.fbcdn.net https://*.google.com https://*.rapid7.com https://*.amazonaws.com https://*.luckyorange.net https://*.g.doubleclick.net https://*.facebook.com https://*.googleapis.com https://*.wishpond.com https://*.wishpond.net https://*.typekit.net https://*.usemessages.com https://*.appspot-preview.com https://*.hubspot.com https://*.instagram.com https://*.yahoo.com https://*.smarttouchinteractive.com https://forms.hsforms.com https://us.agent.tcell.insight.rapid7.com https://www.harvestbyhillwood.com https://www.rossperot.com/API https://us.browser.tcell.insight.rapid7.com/ wss://artisan.wishpond.com https://www.rossperot.com; report-uri https://us.browser.tcell.insight.rapid7.com/csp/aa5bbd91507dda7a8397cea89fd82702e468f304257671754f49705597e2396b?sid=1c7f387af2656a4e54ec4ab5ba99b6f2&rid=lXbTXcbABvD-5E099SGd6JADZ7bwZqeJxRH9XhU6WMk 2
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.fontawesome.com 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com https://www.youtube.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com *.pixriot.com *.storeimaging.com *.yotpo.com 'self' data: data: https://cdn.cookielaw.org/ https://widgets.trustedshops.com/ www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com cdn-scripts.signifyd.com www.youtube.com *.plugins.emarsys.net *.scarabresearch.com *.yotpo.com *.google.com *.gstatic.com https://cdn.cookielaw.org/ https://widget.trustpilot.com/ https://invitejs.trustpilot.com/ https://widgets.trustedshops.com/ www.googletagmanager.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.yotpo.com *.googleapis.com *.fontawesome.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.scarabresearch.com *.eservice.emarsys.net *.pixriot.com *.storeimaging.com *.yotpo.com *.google-analytics.com https://cdn.cookielaw.org/ 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: android-webview-video-poster:; font-src * data:; connect-src *; media-src * blob:; frame-src * blob:; worker-src 'self' blob:; frame-ancestors https://commentsold.com; form-action 'self' www.facebook.com tr.snapchat.com; object-src 'none'; manifest-src *; child-src 'self' blob:; report-uri https://o43862.ingest.sentry.io/api/239693/security/?sentry_key=deb2fc6b7d104f7ea6241356c26c14d0 2
font-src js.klevu.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.google.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com *.nosto.com js.klevu.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.crafterscompanion.co.uk www.crafterscompanion.com www.crafterscompanion.eu *.nos.to 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com polyfill.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.nosto.com js.klevu.com www.dwin1.com www.google.com www.gstatic.com www.googletagmanager.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com js-agent.newrelic.com bam.nr-data.net *.nos.to 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com js.klevu.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.nosto.com js-agent.newrelic.com bam.nr-data.net *.nos.to 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.nosto.com *.nos.to yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.nosto.com *.nos.to https://www.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.nosto.com *.nos.to yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.nosto.com *.nos.to https://www.google.com https://www.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.nosto.com *.nos.to yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.nosto.com *.nos.to yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.google.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.googleapis.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.narvar.com *.narvar.qa *.sensefuel.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.narvar.com *.narvar.qa *.cloudinary.com *.cloudfront.net *.dnd.fr data: *.eden-park.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.facebook.net *.googletagmanager.com *.sensefuel.com *.nosto.com *.socloz.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sensefuel.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.sensefuel.com *.instagram.com *.nosto.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.fontawesome.com fonts.gstatic.com *.nxedge.io 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com https://www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.paypalobjects.com *.terrapinlogo.com *.constantcontactpages.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.nxedge.io *.constantcontactpages.com *.stats.paypal.com *.paypal.com *.terrapinlogo.com *.daumling.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io www.google.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nxedge.io *.ctctcdn.com *.gstatic.com *.paypal.com cdnjs.cloudflare.com *.terrapinlogo.com *.daumling.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.nxedge.io *.googleapis.com static.ctctcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.nxedge.io as.terrapinlogo.com *.google-analytics.com *.doubleclick.net *.ctctcdn.com *.sandbox.braintreegateway.com *.sandbox.braintree-api.com *.braintreegateway.com *.paypal.com *.paypalobjects.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
frame-src *; script-src * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'strict-dynamic' 'report-sample'; script-src-attr * 'unsafe-inline' 'unsafe-hashes' 'report-sample'; script-src-elem * 'unsafe-inline' 'report-sample'; style-src * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'report-sample'; style-src-attr * 'unsafe-inline' 'unsafe-hashes' 'report-sample'; style-src-elem * 'unsafe-inline' 'report-sample'; frame-ancestors 'none' 2
default-src 'none'; font-src 'self' https:; img-src 'self' https: data: blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; frame-src 'self' https:; media-src 'self' https:; object-src 'self' https: blob:; worker-src 'self' https: blob:; report-uri /csp_violation_report 2
font-src *.gstatic.com *.addtoany.com *.hotjar.com *.hotjar.io *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.addtoany.com *.hotjar.com *.hotjar.io *.hsforms.com *.google.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.youtube.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es data: *.paypal.com *.hubspot.com *.hotjar.com *.hotjar.io wss://*.hotjar.com amcglobal.sc.omtrdc.net *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.gstatic.com *.addtoany.com *.hotjar.com *.hotjar.io *.hsforms.com *.hsforms.net *.hs-scripts.com *.hsleadflows.net *.hs-analytics.net *.hs-banner.com *.google.com *.braintreegateway.com *.paypal.com amcglobal.sc.omtrdc.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com amcglobal.sc.omtrdc.net cdn.dnky.co webchat.dotdigital.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.hubspot.com *.google.com hubspot-forms-static-embed.s3.amazonaws.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.hs-banner.com amcglobal.sc.omtrdc.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
font-src *.relaxdays.com *.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://www.sandbox.paypal.com www.facebook.com www.paypal.com ct.pinterest.com *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://www.googletagmanager.com/ www.google.com tpc.googlesyndication.com www.youtube.com www.youtube-nocookie.com www.facebook.com ct.pinterest.com *.sibforms.com *.amazon.de *.payments-amazon.de api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.it-recht-kanzlei.de *.relaxdays.com data: i.pinimg.com log.pinterest.com ct.pinterest.com *.g.doubleclick.net www.google.com www.google.de www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.fr www.google.co.uk www.googletagmanager.com *.gstatic.com *.googleusercontent.com www.facebook.com connect.facebook.com *.cloudfront.net bat.bing.com *.ssl-images-amazon.de *.media-amazon.de 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.relaxdays.com assets.pinterest.com widgets.pinterest.com s.pinimg.com www.googletagmanager.com tagmanager.google.com www.google.com www.gstatic.com www.google.de connect.facebook.net googleads.g.doubleclick.net tpc.googlesyndication.com bat.bing.com *.payments-amazon.de api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.relaxdays.com tagmanager.google.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src *.relaxdays.com 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.relaxdays.com 'self' 'unsafe-inline'; manifest-src *.relaxdays.com 'self' 'unsafe-inline'; connect-src *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.relaxdays.com www.google-analytics.com www.google.com *.g.doubleclick.net www.facebook.com log.pinterest.com ct.pinterest.com www.paypalobjects.com www.sandbox.paypal.com www.paypal.com bat.bing.com *.amazon.de *.amazonpay.de mws.amazonservices.de api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; report-uri https://relaxdays.com/_csp_report_; report-to report-endpoint; 2
default-src self; frame-ancestors 'self' 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.fixando.com/ https://cdn.fixando.com/ https://pics.fixando.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googletagservices.com/ https://www.googleadservices.com/ https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com/ https://adservice.google.com.pk/ https://adservice.google.com.br/ https://adservice.google.com.py/ https://adservice.google.com.do/ https://adservice.google.com/ https://adservice.google.pt/ https://adservice.google.nl/ https://adservice.google.cl/ https://adservice.google.it/ https://adservice.google.pl/ https://adservice.google.no/ https://adservice.google.fr/ https://adservice.google.bg/ https://adservice.google.es/ https://adservice.google.se/ https://adservice.google.be/ https://adservice.google.de/ https://adservice.google.ch/ https://adservice.google.hu/ https://adservice.google.ie/ https://adservice.google.lu/ https://adservice.google.ru/ https://adservice.google.be/ https://adservice.google.co.uk/ https://adservice.google.co.ao/ https://adservice.google.co.in/ https://partner.googleadservices.com/ https://maps.googleapis.com/ https://optimize.google.com/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://pubads.g.doubleclick.net/ https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://www.facebook.com/ https://connect.facebook.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.jsdelivr.net/ https://ageas.fixando.com/ https://mambo.mundoageas.pt/ https://static.zdassets.com/ https://d2wy8f7a9ursnm.cloudfront.net/ https://apis.google.com/ https://tagmanager.google.com/ 2
report-uri https://www.yelp.com/csp_report_only?id=32b623632f440714&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1627695303; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src https: data: blob: android-webview-video-poster: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reports/; 1
script-src 'nonce-8cyasBAZX7YSPgRM5OzEAQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=5044e1679de88b4f851d8091d8074737 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-MjQ4Mjk4MTg2MCwzMzY4NzQ1NzU4'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/android 1
default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-22ecc111-3fb6-4dcf-bcda-4a156ac9a43e' 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*;report-uri https://ort.wellsfargo.com/reporting/csp 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-CJyZvBujc0ABdmFU02XBmUqHVR2B/Z' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1
default-src 'self'; base-uri 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-FOKHkA9rIh6UcbMwb5sSsw=='; style-src 'self' http: https: blob:  'unsafe-inline'; connect-src 'self' http: https: data:; media-src 'self' http: https: blob: data:; frame-ancestors app.optimizely.com; frame-src 8294363.fls.doubleclick.net 9355701.fls.doubleclick.net a5935064.cdn.optimizely.com app.optimizely.com app-sjn.marketo.com b.company-target.com bid.g.doubleclick.net c1.adform.net www.facebook.com fast.wistia.com fast.wistia.net js.driftt.com widget.drift.com platform.twitter.com www.slideshare.net tpc.googlesyndication.com www.linkedin.com; font-src 'self' data: https: du7782fucwe1l.cloudfront.net fonts.gstatic.com js.driftt.com; img-src data: http: https: cdn.optimizely.com maps.gstatic.com; object-src 'none'; prefetch-src 'self' *.episerver.com; report-uri https://cspreporter.optimizely.com/report/f2ef3de9-4cc8-4389-9b7c-6347689923e0 1
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 1
script-src 'self' 'unsafe-inline' 'nonce-Iq2tECnZ8wg4PYpaxaZ0Lx5awlgEHCov' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://resource.digital.voice.va.gov https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://*.ytimg.com https://cdn.botframework.com 'strict-dynamic' nonce-Iq2tECnZ8wg4PYpaxaZ0Lx5awlgEHCov; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com https://dvp-oauth-application-directory-logos.s3-us-gov-west-1.amazonaws.com https://i.ytimg.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; frame-src https://dap.digitalgov.gov https://resource.digital.voice.va.gov https://www.googletagmanager.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://events.mapbox.com https://www.google-analytics.com http://*.vetsgov-internal https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com https://search.usa.gov ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content  ; form-action 'self' https://vicbdc.vba.va.gov https://vaww.vicbdc.ppd.vba.va.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ; 1
frame-ancestors 'self' https://*.filimo.com/; block-all-mixed-content; default-src 'self' https://*.filimo.com/; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://static.cloudflareinsights.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://mc.yandex.com/ https://recaptcha.net/ https://cdn.ampproject.org/ https://*.filimo.com/ https://www.gstatic.com/ https://client.crisp.chat/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://d31qbv1cthcecs.cloudfront.net/ https://www.googletagmanager.com/; style-src 'self' 'report-sample' 'unsafe-inline' data: https://fonts.googleapis.com/ https://*.filimo.com/ https://client.crisp.chat/; object-src 'self'; frame-src *; child-src blob: https://*.filimo.com/; img-src data: blob: * file: android-webview-video-poster:; font-src 'self' data: wss: https:; connect-src *; manifest-src https://*.filimo.com/; base-uri 'self'; form-action data: https://www.facebook.com/ https://*.filimo.com/ https://*.shaparak.ir/; media-src data: blob: *; worker-src blob: https://*.filimo.com/; report-uri https://gate.rapidsec.net/g/r/csp/65d48d31-dc15-445b-9c79-23d886ab7c98/0/6/3?sct=565e133b-d067-4878-9f1a-6412ff3bb3db&dpos=report 1
script-src 'nonce-UqfZmOQvXx3McKt0jOMj0A' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
object-src *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:;frame-src 'self' sinaweibo: weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn sinanews: sinanewslite: intent: se5bed38c567feb2a: sb5750862870e1cc2: sdc77698a60e45368: sb2623a3919ed77d3: s3d4cfbed31875e1c: sc876cbd9ae34e814: sdf08f19582289581: sc640c3792845ba3e: se8525a4dbfaa192b: sb5261983836bde16: sinablog: sinanewapmwebview: sinanewsdirect: sinafinance:; script-src 'self' 'unsafe-inline' 'unsafe-eval' weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn *.qchannel03.cn *.qihucdn.com *.qhres.com *.sinajs.cn *.leju.com *.qq.com qzonestyle.gtimg.cn; report-uri https://logger.sina.cn/report; 1
default-src data: blob: *.fbcdn.net *.facebook.com *.fbsbx.com connect.facebook.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *.fbcdn.net;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.doubleclick.net *.fbsbx.com;font-src fonts.gstatic.com *.fbsbx.com;frame-src www.youtube.com *.twitter.com *.instagram.com *.facebook.com;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/; 1
default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc 1
script-src 'self' https://ajax.aspnetcdn.com https://ajax.googleapis.com https://cdn.rawgit.com https://cdnjs.cloudflare.com https://www.google.com https://www.osha.gov tokenize2.js; script-src-attr 'self'; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com tokenize2.css; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://website.amnesty.local:35729/ https://az416426.vo.msecnd.net/ http://dev.visualwebsiteoptimizer.com/ https://connect.facebook.net/ http://script.crazyegg.com/ http://maps.googleapis.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com http://*.civiccomputing.com/ http://*.hotjar.com http://www.google-analytics.com/; img-src * data:; style-src 'self' 'unsafe-inline' http://hello.myfonts.net/count/2c502a; report-uri /umbraco/api/contentsecuritypolicy/report/ 1
default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.doubleclick.net; font-src 'self' *.typekit.net; frame-src 'self' *.google.com *.marketo.com *.youtube.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com https://www.google.com/ads/ga-audiences *.marketo.com; script-src 'self' 'nonce-FBdUTUNXG/R7migc7EtxtA==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' *.addtoany.com *.bootstrapcdn.com *.marketo.com *.github.com/flurrydev/ *.github.com/ydn/ *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.yimg.com *.bootstrapcdn.com github.githubassets.com/assets/ *.marketo.com *.typekit.net; report-uri /csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-NDE5MzI1NDE4OSwxNTg4OTM1MjQ1'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/about_google 1
script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' login.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikipedia.org en.wiktionary.org en.wikibooks.org en.wikiquote.org en.wikisource.org commons.wikimedia.org en.wikinews.org en.wikiversity.org www.wikidata.org species.wikimedia.org incubator.wikimedia.org en.wikivoyage.org api.wikimedia.org login.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 'report-sample' 'strict-dynamic' https://use.typekit.net 'nonce-xAGrOLCtVcPgC'; style-src 'self' 'unsafe-inline' 'report-sample'; font-src 'self'; img-src 'self' data: 'report-sample' https://s3.amazonaws.com https://eps.images.fr2.criticaljuncture.org https://private.images.fr2.criticaljuncture.org https://images.fr2.criticaljuncture.org https://lede-photos.fr2.criticaljuncture.org https://agency-logos.fr2.criticaljuncture.org https://public-inspection.fr2.criticaljuncture.org https://eps.images.federalregister.gov https://private.images.federalregister.gov https://images.federalregister.gov https://lede-photos.federalregister.gov https://agency-logos.federalregister.gov https://public-inspection.federalregister.gov https://www.google-analytics.com https://www.googletagmanager.com/; form-action 'self' 'report-sample' ; object-src 'none'; connect-src 'self' https://api.honeybadger.io https://www.google-analytics.com https://ekr.zdassets.com https://ofr.zendesk.com https://api.regulations.gov https://uploads-regulations-gov.s3.amazonaws.com; frame-ancestors 'none'; base-uri 'none'; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=&env=production& 1
block-all-mixed-content; frame-ancestors 'self' https://*.rte.ie https://*.rtegroup.ie; report-uri https://rte.report-uri.com/r/t/csp/reportOnly 1
connect-src 'self' 'unsafe-eval'  *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net *.jazz.co *.sentry.io https://sentry.io report-sample;  default-src 'self' blob: data: *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net optimize.google.com *.google.com *.googleoptimize.com *.googletagmanager.com *.sentry.io https://sentry.io report-sample;  font-src 'self' 'unsafe-eval' data: *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net fonts.googleapis.com fonts.gstatic.com report-sample;  frame-src 'self'  *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro  optimize.google.com *.google.com *.googleoptimize.com *.googletagmanager.com *.twimg.com *.twitter.com *.youtube.com report-sample;  img-src 'self' data: blob: 'unsafe-inline' *; media-src 'self' data: blob: 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.typekit.net *.facebook.com *.facebook.net connect.facebook.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net optimize.google.com *.google.com *.googleoptimize.com *.sentry.io https://sentry.io *.twimg.com *.twitter.com report-sample;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  *.typekit.net *.facebook.com *.facebook.net connect.facebook.net *.facebook.com *.facebook.net connect.facebook.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net optimize.google.com *.google.com *.googleoptimize.com *.sentry.io https://sentry.io *.twimg.com *.twitter.com report-sample;  style-src 'self' 'unsafe-eval' 'unsafe-inline'  *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net fonts.googleapis.com fonts.gstatic.com optimize.google.com *.google.com *.googleoptimize.com *.twimg.com *.twitter.com report-sample;  style-src-elem 'self' 'unsafe-eval' 'unsafe-inline'  *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.doubleclick.net fonts.googleapis.com fonts.gstatic.com optimize.google.com *.google.com *.googleoptimize.com *.twimg.com *.twitter.com report-sample;  block-all-mixed-content; report-uri https://sentry.io/api/2983595/security/?sentry_key=21fae161c11a42bb965ab8ccf544f1fd 1
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports 1
base-uri 'self';connect-src 'self' https: wss:;default-src 'self' https: wss: blob: data:;form-action 'self' https:;img-src 'self' https: http://iea.imgix.net https://iea.imgix.net data:;media-src 'self' https: data: http://iea.imgix.net https://iea.imgix.net;object-src 'none';script-src 'self' https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://snap.licdn.com https://www.gstatic.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com 'nonce-HWiSQWBarOrzqTiJPq0NiZm3iow6uZZE';style-src 'self' https: 'unsafe-inline';frame-ancestors 'self' 1
default-src 'self' *.univie.ac.at; font-src 'self' *.univie.ac.at; img-src 'self' *.univie.ac.at; script-src 'self' *.univie.ac.at; style-src 'self' *.univie.ac.at 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.hangseng.com 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net; script-src 'self' *.hangseng.com 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net *.sc.omtrdc.net *.tiqcdn.com www.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net www.googleadservices.com www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com; img-src 'self' *.hangseng.com *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net data: *.doubleclick.net *.tealiumiq.com *.sc.omtrdc.net *.everesttech.net www.google.com www.facebook.com bat.bing.com www.google.co.in www.google.com.hk *.twitter.com *.linkedin.com *.day.com *.adsrvr.org pixel.advertising.com s.amazon-adsystem.com *.analytics.yahoo.com t.co www.google.ca www.googleadservices.com www.google.co.uk tr.outbrain.com www.googletagmanager.com *.lpsnmedia.net p.adsymptotic.com; connect-src 'self' *.hangseng.com *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net bat.bing.com *.tt.omtrdc.net *.sc.omtrdc.net *.tealiumiq.com *.siteintercept.qualtrics.com jsonip.com *.tiqcdn.com; script-src-elem 'self' *.hangseng.com 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.sc.omtrdc.net *.lpsnmedia.net *.tiqcdn.com www.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net www.googleadservices.com www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; child-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.lpsnmedia.net *.doubleclick.net www.google.com www.recaptcha.net *.tealiumiq.com *.tiqcdn.com; frame-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.doubleclick.net *.tealiumiq.com www.google.com *.tiqcdn.com *.lpsnmedia.net www.recaptcha.net; frame-ancestors 'self'; upgrade-insecure-requests ; 1
img-src blob: data: https:; default-src data: blob: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://counter.drom.ru/report/ 1
object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; report-uri https://sentry.io/api/148442/security/?sentry_key=48196e632bb14305ad3fe47c6570e363 1
default-src https: data: blob: wss: 'unsafe-inline' 'self'; report-uri https://o106081.ingest.sentry.io/api/5541142/security/?sentry_key=8784bc3788644ae19b25345fb43cff7a 1
child-src https:; connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.wrike.com https://*.www.wrike.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://youtube.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.6sc.co https://*.app-eu.wrike.com https://*.bizographics.com https://*.google-analytics.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.twitter.com https://*.wrike.com https://*.www.wrike.com https://*.yandex.ru https://api.greenhouse.io https://api.pinterest.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://c.disquscdn.com https://cdn.onesignal.com https://cdn.ravenjs.com https://cdn.syndication.twimg.com https://commondatastorage.googleapis.com/code.snapengage.com/js/ https://connect.facebook.net https://d.adroll.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3rnld1uo6kgq2.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://disqus.com https://fast.wistia.com https://fast.wistia.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://i.simpli.fi https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js https://onesignal.com https://pixel.mathtag.com https://px.airpr.com/airpr.js https://s.adroll.com https://s3.amazonaws.com/r.kissinsights.com/ https://secure.adnxs.com https://snap.licdn.com https://src.litix.io/core/2/mux.js https://sslwidget.criteo.com https://static.ads-twitter.com https://static.criteo.net https://track-mv.com https://turbo.qualaroo.com https://vidassets.terminus.services https://vk.com https://wrike.disqus.com https://wrike.influitive.com https://www.google.com https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.snapengage.com/; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp-global.wrike.com/csp-report?website 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/panoramio 1
script-src 'self' *.concur.com *.concursolutions.com *.concurcdc.cn *.sap.com *.concurmessaging.com *.akamaihd.net *.akamaitechnologies.com *.deploy.akamaitechnologies.com *.deploy.static.akamaitechnologies.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.stats.g.doubleclick.net *.trustarc.com *.prefmgr-cookie.truste-svc.net *.walkme.com *.glancecdn.net *.glance.net *.s3.amazonaws.com s3.amazonaws.com *.salesforceliveagent.com *.cloud.sap *.ondemand.com *.ridecharge.com *.newrelic.com *.nr-data.net 'unsafe-inline' 'unsafe-eval';report-uri /nui/signin/report-violation 1
default-src 'self' *.hsbc.com.hk 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net; script-src 'self' *.hsbc.com.hk 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net *.sc.omtrdc.net *.tiqcdn.com www.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net www.googleadservices.com www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com; img-src 'self' *.hsbc.com.hk *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net data: *.doubleclick.net *.tealiumiq.com *.sc.omtrdc.net *.everesttech.net www.google.com www.facebook.com bat.bing.com www.google.co.in www.google.com.hk *.twitter.com *.linkedin.com *.day.com *.adsrvr.org pixel.advertising.com s.amazon-adsystem.com *.analytics.yahoo.com t.co www.google.ca www.googleadservices.com www.google.co.uk tr.outbrain.com www.googletagmanager.com *.lpsnmedia.net p.adsymptotic.com; connect-src 'self' *.hsbc.com.hk *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net bat.bing.com *.tt.omtrdc.net *.sc.omtrdc.net *.tealiumiq.com *.siteintercept.qualtrics.com jsonip.com *.tiqcdn.com; script-src-elem 'self' *.hsbc.com.hk 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.sc.omtrdc.net *.lpsnmedia.net *.tiqcdn.com www.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net www.googleadservices.com www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; child-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.lpsnmedia.net *.doubleclick.net www.google.com www.recaptcha.net *.tealiumiq.com *.tiqcdn.com; frame-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.doubleclick.net *.tealiumiq.com www.google.com *.tiqcdn.com *.lpsnmedia.net www.recaptcha.net; frame-ancestors 'self'; upgrade-insecure-requests ; 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /1/apitun/security/csp-report; 1
default-src: 'self' https://c.disquscdn.com https://disqus.com script-src: 'self' https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js https://cdn-prod.opendemocracy.net/assets/js/core.min.js https://cdn.datatables.net/1.10.20/js/jquery.dataTables.js https://cdn.syndication.twimg.com/moments/ https://cdn.webpushr.com/app.min.js https://code.jquery.com/jquery-3.4.1.min.js https://comment-talk.comment.opendemocracy.net/assets/js/embed.js https://fast.a.klaviyo.com/media/js/analytics/klaviyo_analytics.js https://matomo.hactar.is/piwik.js https://mc.yandex.ru/metrika/tag.js https://opendemocracy.disqus.com/embed.js https://opendemocracy.disqus.com/combination_widget.js https://platform.twitter.com/widgets.js https://script.hotjar.com/modules.0607bc475b5a3c4f001b.js https://static.hotjar.com/c/hotjar-1946277.js https://static.klaviyo.com/onsite/js/profiling.76e929c1972a7b78f0c4.js https://support.opendemocracy.net/petitions/app.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://surveys-static.survicate.com/widget_core-8.0.5.js https://surveys-static.survicate.com/widget_core-8.0.4.js https://survey.survicate.com/workspaces/fc4c2b19a0dff663c2bee6a5137a3710/web_surveys.js https://cdn-prod.opendemocracy.net/assets/js/share.min.js?d41d8cd9 https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=YjCYwm https://cdn-prod.opendemocracy.net/assets/js/share.min.js?d41d8cd9 https://script.hotjar.com/modules.5d1cad31427a09b055ed.js https://script.hotjar.com/modules.f2a0c48472fc3a6a1664.js https://script.hotjar.com/modules.9dd23155c7d4a9746d0b.js; style-src: 'self' https://c.disquscdn.com https://cdn-prod.opendemocracy.net https://cdn.datatables.net https://platform.twitter.com https://ton.twimg.com; object-src: 'none'; base-uri: 'self'; connect-src: 'self' https://analytics.webpushr.com https://bot.webpushr.com https://fast.a.klaviyo.com https://links.services.disqus.com https://mc.yandex.ru https://stats.g.doubleclick.net https://support.opendemocracy.net https://telemetrics.klaviyo.com https://www.google-analytics.com https://in.hotjar.com https://vc.hotjar.io https://ws9.hotjar.com wss://ws9.hotjar.com; font-src: 'self' https://cdn-prod.opendemocracy.net; frame-src: 'self' https://5050.carto.com https://comment-talk.comment.opendemocracy.net https://desmog.co.uk https://disqus.com https://docs.google.com https://mc.yandex.md https://platform.twitter.com https://syndication.twitter.com https://vars.hotjar.com https://w.soundcloud.com https://www.youtube.com; img-src: 'self' https://a.disquscdn.com https://c.disquscdn.com https://cdn-prod.opendemocracy.net https://cdn.datatables.net https://cdn.viglink.com https://cdn.webpushr.com https://links.services.disqus.com https://matomo.hactar.is https://mc.yandex.com https://mc.yandex.ru https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://ton.twimg.com https://www.google.co.uk https://www.google.com; manifest-src: 'self'; media-src: 'self'; worker-src: 'self'; report-uri /csp/report/; 1
default-src https: 'unsafe-inline'; img-src blob: data: https:; report-uri /csp-violation-report 1
block-all-mixed-content ; report-uri /csp-reports ; report-to csp-endpoint ; default-src 'self' *.prismic.io https://www.google.com/recaptcha/ ; connect-src 'self' *.prismic.io events.mediarithmics.com ; img-src 'self' data: *.prismic.io www.google-analytics.com ib.adnxs.com o.adhslx.com fonts.gstatic.com https://www.gstatic.com/recaptcha/ events.mediarithmics.com cookie-matching.mediarithmics.com x.bidswitch.net pixel.rubiconproject.com simage2.pubmatic.com ; style-src 'self' 'unsafe-inline' www.gstatic.com fonts.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.prismic.io www.google-analytics.com www.googletagmanager.com www.gstatic.com https://www.google.com/recaptcha/ static.mediarithmics.com cookie-matching.mediarithmics.com ib.adnxs.com cm.g.doubleclick.net ; font-src 'self' *.prismic.io fonts.gstatic.com 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=AF2M0KC94RCEA:sid=146-0193127-6006234:rid=M43VPW58Z8KRBTHD7KRE:sn=www.acx.com 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.com *.spreadshirt.com ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.com ; font-src 'self' https: data: *.spreadshirt.com ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src https:; base-uri 'self'; script-src 'unsafe-inline' https: 'nonce-hVd3EyOgma2OJA==' 'strict-dynamic' 'unsafe-eval' *.zulily.com 'report-sample'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: blob:; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' *.zulily.com; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations-report-only; 1
default-src 'self' tpc.googlesyndication.com; frame-ancestors 'self'; frame-src 'self' https://staticcdn.co.nz www.youtube.com www.facebook.com connect.facebook.net gsa://onpageload https://d2rf51x5ga9gxp.cloudfront.net https://api.trademe.co.nz/ https://auth.trademe.co.nz https://vimeo.com https://cdn.diakrit.com https://livetour.istaging.com https://storage.googleapis.com https://www.google.com https://www.google.co.nz *.googlesyndication.com *.doubleclick.net *.imrworldwide.com trademe.wufoo.com my.matterport.com *.trademepayments.co.nz https://vars.hotjar.com; font-src 'self' data: *.tmcdn.co.nz fonts.googleapis.com fonts.gstatic.com http://static.hotjar.com https://static.hotjar.com; img-src 'self' data: blob: www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.ggpht.com i.ytimg.com www.facebook.com https://api.trademe.co.nz/ *.tmcdn.co.nz *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie *.googlesyndication.com *.imrworldwide.com *.doubleclick.net *.googleusercontent.com https://insights.hotjar.com http://static.hotjar.com https://static.hotjar.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://staticcdn.co.nz connect.facebook.net www.google-analytics.com www.googletagmanager.com www.googletagservices.com dnn506yrbagrg.cloudfront.net *.googleapis.com www.youtube.com s.ytimg.com script.crazyegg.com *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie www.googleadservices.com *.doubleclick.net *.imrworldwide.com *.googlesyndication.com cdn.ampproject.org http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://*.afterpay.com https://*.newrelic.com https://*.nr-data.net https://frend-assets.freetls.fastly.net/; form-action 'self' trademe.wufoo.com www.facebook.com connect.facebook.net d3f5l8ze0o4j2m.cloudfront.net https://api.trademe.co.nz/; connect-src 'self' https://api.trademe.co.nz/ https://auth.trademe.co.nz *.tmcdn.co.nz sentry.io www.facebook.com www.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.google.co.nz *.google.com.au *.google.cn *.google.com.sg *.google.com.hk *.google.co.za *.google.ca *.google.co.kr *.google.de *.google.com.br *.google.co.id *.google.fr *.google.com.mm *.google.co.ck *.google.com.fj *.google.co.jp *.google.com.vn *.google.co.in *.google.co.ie *.google.cl *.google.com.co *.google.cz *.google.it *.google.co.uk *.google.es *.google.se *.google.lk *.google.mk *.google.com.qa *.google.fi *.google.com.pk *.google.com.sa *.google.ru *.google.ro *.google.ge *.google.com.my *.google.tt *.google.nl *.google.hu *.google.ua *.google.be *.google.sb *.google.lu *.google.tw *.google.sk *.google.co.th *.google.co.zw *.google.pt *.google.co.zm *.google.com.jm *.google.co.il *.google.gr *.google.pl *.google.si *.google.com.ph *.google.to *.google.com.ar *.google.bs *.google.com.eg *.google.hr *.google.mn *.google.dk *.google.lv *.google.com.ng *.google.ae *.google.ch *.google.com.pe *.google.com.tr *.google.com.bo *.google.ws *.google.vg *.google.com.gh *.google.no *.google.at *.google.com.mt *.google.ee *.google.com.mx *.google.com.ec *.google.com.bn *.google.co.tz *.google.vu *.google.com.ag *.google.co.cr *.google.rs *.google.la *.google.is *.google.tn *.google.pg *.google.np *.google.by *.google.im *.google.gg *.google.md *.google.lt *.google.com.pg *.google.mv *.google.com.tw *.google.co.ke *.google.com.kh *.google.com.ni *.google.com.uy *.google.com.pg *.google.com.bd *.google.ie *.doubleclick.net *.googlesyndication.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://*.afterpay.com https://*.nr-data.net; child-src 'self' https://vars.hotjar.com; worker-src 'self' https://vars.hotjar.com; report-uri https://sentry.io/api/1279183/security/?sentry_key=990566bb4d5d4445ae67eba309f51cfd 1
default-src 'self';style-src 'self' 'unsafe-inline' dev.g.alicdn.com g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com g.alicdn.com dev.g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com retcode.alicdn.com cfall.aliyun.com gw.alipayobjects.com ynuf.aliapp.org;connect-src 'self' *.dingtalk.com wss://*.dingtalk.com ynuf.alipay.com dev.g.alicdn.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com ynuf.aliapp.org px-intl.ucweb.com px.ucweb.com gm.mmstat.com preview-lippi-space-zjk.oss-accelerate.aliyuncs.com wgo.mmstat.com wss://alidocs-body.oss-accelerate.aliyuncs.com wss://pre-collab.dingtalk.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com dev.g.alicdn.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: mmstat.alicdn.com res.mmstat.com ynuf.aliapp.org alidocs.oss-cn-zhangjiakou.aliyuncs.com;font-src 'self' at.alicdn.com dev.g.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com kcart.alipay.com preview-lippi-space-zjk.oss-cn-zhangjiakou.aliyuncs.com px-intl.ucweb.com px.ucweb.com alidocs.oss-cn-zhangjiakou.aliyuncs.com;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com tbm-auth.alicdn.com dev.g.alicdn.com g.alicdn.com;report-uri https://csp.dingtalk.com/csp; 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tvsquared.com *.wargaming.net https://*.teads.tv https://*.taboola.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.creative-serving.com 	 https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.tvsquared.com *.taboola.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.googleapis.com https://stackadapt.com https://*.doubleclick.net *.yimg.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
default-src 'self' 'unsafe-inline' *.atbar.org *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk corporate.wordpress.soton.ac.uk blog.soton.ac.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com www.googleadservices.com www.googletagmanager.com *.google-analytics.com connect.facebook.net static.ads-twitter.com j.flxpxl.com hj.flxpxl.com d2hlpp31teaww3.cloudfront.net d1d7fjtb6d4i2m.cloudfront.net analytics.twitter.com ib.adnxs.com www.intelliworkschat.com access.ecs.soton.ac.uk *.atbar.org www.youtube.com s.ytimg.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk stats.wp.com soton.disqus.com stats.wp.com corporate.wordpress.soton.ac.uk blog.soton.ac.uk s0.wp.com use.typekit.net connect.facebook.com platform.twitter.com; font-src 'self' data: ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk use.typekit.net; img-src data: 'self' www.southampton.ac.uk cdn.soton.ac.uk cdn.southampton.ac.uk t.co mpp2.vindicosuite.com *.google-analytics.com *.facebook.com pixel.adsafeprotected.com *.doubleclick.net www.google.com www.google.co.uk *.atbar.org *.issuu.com image.isu.pub www.intelliworkschat.com pixel.wp.com blog.soton.ac.uk platform.twitter.com pbs.twimg.com syndication.twitter.com p.typekit.net d1d7fjtb6d4i2m.cloudfront.net; frame-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; child-src 'self' www.google.com www.google.co.uk www.youtube.com *.issuu.com ddfbm2kt5ml6l.cloudfront.net cdn.soton.ac.uk cdn.southampton.ac.uk; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/googleorg 1
default-src 'self' https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self'; worker-src blob: 'unsafe-inline' 'unsafe-eval' https: http: 'self';connect-src * data: 'self';frame-src http://*.pitchbook.local http://*.wistia.com http://*.jobvite.com http://*.ceros.com http://www.facebook.com https: mailto: tel: ms-appx-web: blob: 'self'; img-src * data: blob: 'self' android-webview-video-poster:; media-src * blob: 'self'; style-src http://*.pitchbook.com http://*.googleapis.com http://*.webspellchecker.net http://*.dynamicyield.com https: 'unsafe-inline' 'self'; font-src http://*.dynamicyield.com http://*.webspellchecker.net http://fonts.gstatic.com https: data: blob: 'self' http://themes.googleusercontent.com chrome-extension: localhost:3000;report-uri /csp/submit 1
upgrade-insecure-requests;default-src 'self'  'nonce-zR5U3I2dKGM=' 'unsafe-inline' 'unsafe-eval' biz-file.com *.google-analytics.com *.effectivemeasure.net *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.googleapis.com *.gstatic.com *.googleadservices.com  adservice.google.com adservice.google.co.za cdn.ampproject.org cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js *.iono.fm;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com cdnjs.cloudflare.com/ajax/libs/font-awesome;font-src 'self' data: *.gstatic.com;img-src 'self' data: biz-file.com *.google-analytics.com *.effectivemeasure.net *.doubleclick.net *.googlesyndication.com www.google.com;frame-ancestors 'self' *.iono.fm; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=34697d5abd64a5d1a8b078ab11c85d3f 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: adservice.google.com.mx adservice.google.com.ua adservice.google.lt adservice.google.com.sa code.jquery.com snap.licdn.com bat.bing.com adservice.google.co.in adservice.google.com.lb adservice.google.az adservice.google.com.sv adservice.google.com.gh adservice.google.com.pr adservice.google.ge songbird.cardinalcommerce.com adservice.google.de adservice.google.com.tr www.google.com www.googleadservices.com adservice.google.co.uk adservice.google.com adservice.google.bg adservice.google.jo widget.replain.cc adservice.google.com.bo cdn.ampproject.org autohelperbot.com tpc.googlesyndication.com connect.facebook.net adservice.google.com.ng www.googleoptimize.com www.googletagservices.com ilc.logisctic.com adservice.google.com.bz cdn.polyfill.io adservice.google.com.jm developer.livehelpnow.net adservice.google.pl www.gstatic.com www.googletagmanager.com ciclonrox.com www.google.com.ng; form-action  www.facebook.com www.copart.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.megabonus.com cdn.livehelpnow.net fonts.gstatic.com static3.avast.com tpc.googlesyndication.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: flex.cybersource.com static.cashforcars.com www.googletagmanager.com pay.google.com www.facebook.com *.googlesyndication.com www.google.com g2auction.copart.com tpc.googlesyndication.com c-static.copart.com fs30.formsite.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: meyerweb.com developer.livehelpnow.net fonts.googleapis.com widget.replain.cc ilc.logisctic.com www.google.com translate.googleapis.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cs.copart.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.google.com adservice.google.com pagead2.googlesyndication.com www.googleadservices.com browser.translate.yandex.net c-static.copart.com attestation.android.com cdn.ampproject.org api.shelf.network www.facebook.com cs.copart.com bat.bing.com adservice.google.com.lb developer.livehelpnow.net r.lr-ingest.io tpc.googlesyndication.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.livehelpnow.net www.google.co.cr www.google.com.om www.google.by c-static.copart.com www.autocheck.com accounts.google.com www.google.nl www.linkedin.com www.google.co.in www.google.kz www.google.com.ua www.google.se www.gstatic.com autohelperbot.com www.google.lt pagead2.googlesyndication.com tpc.googlesyndication.com smetrics.copart.com encrypted-tbn2.gstatic.com www.google.com.ng www.googletagmanager.com px4.ads.linkedin.com www.google.no www.google.ae scaleflex.ultrafast.io www.google.bg www.google.jo www.google.com.gh www.google.com.pr connect.facebook.net ad-lv.copart.com www.google.az assets.replain.cc www.google.ge www.google.ca www.google.com.do www.google.bs www.google.com.bo px.ads.linkedin.com www.google.com.lb www.google.am lh3.googleusercontent.com www.google.com.eg www.google.com www.google.md www.google.com.mx copart.com www.google.com.pa p.adsymptotic.com adservice.google.com www.google.lv www.google.cl www.google.fr www.google.al www.google.com.bz encrypted-tbn3.gstatic.com cdn.megabonus.com developer.livehelpnow.net www.google.de www.google.ru encrypted-tbn1.gstatic.com cs.copart.com encrypted-tbn0.gstatic.com www.google.tm www.google.com.af www.google.kg translate.google.com memberbeta.copart.com www.google.com.ly bat.bing.com www.facebook.com www.google.co.uk; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: widget.replain.cc developer.livehelpnow.net c-static.copart.com; report-uri /csp_report 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-ASj0Rs+GKtpeX9I1OkLUl6fZCSw/me' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
connect-src *; img-src data: blob: *; default-src blob: data: 'nonce-R@nDoM!3' 'unsafe-eval' 'unsafe-inline' 'self' cspreport.php *.go-mpulse.net *.akstat.io *.appdynamics.com *.licdn.com *.google.com *.facebook.net *.yimg.com *.bing.com *.yahoo.com *.ads-twitter.com *.facebook.com *.twitter.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.angularjs.org *.interactivebrokers.com.hk *.interactivebrokers.ch *.interactivebrokers.co.uk *.interactivebrokers.com.au *.interactivebrokers.co.jp *.interactivebrokers.co.in *.interactivebrokers.com *.ibkram.com *.interactiveadvisors.com *.ibkr.com *.ibkr.com.cn *.clientam.com *.clientam.ch *.clientam.com.hk *.covestor.com *.full.cv *.doubleclick.net *.youtube.com *.sitesearch360.com *.ibkr-int.com http://localhost:* *.lr-ingest.io http://dev183:* *.gpsrv.com *.npr.org ms-appx-web://* http://*.interactivebrokers.com *.jsdelivr.net http://nxdevsrv3:30999 *.vimeo.com  http://*.interactivebrokers.ca ms-appx-web://microsoft.microsoftedge ny5webdv1:* http://ny5webdv1:* http://*.dev.ibkr-int.com http://s7.addthis.com  *.interactivebrokers.eu http://nxdevsrv3:8122 zwebsrv1:6443 *.ibkr-int.com:* http://*.ibkr-int.com:* zwebsrv1.prod.ibkr-int.com:6443 *.simplywall.st *.aliyuncs.com  *.googleapis.com *.bootstrapcdn.com css scripts *.interactivebrokers.ie *.interactivebrokers.eu *.interactivebrokers.hu *.interactivebrokers.lu s.go-mpulse.net; report-uri /cspreport.php 1
default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: www.pkobp.pl; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /ikd_img/skins/ipko/grcv; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-MjM0NTM3Mjc2OCwzNTk4Mzg5NTEw'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://*.smallcase.com https://in1.wzrkt.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://cdn4.mxpnl.com https://cdn.mxpnl.com https://static.hotjar.com https://d2r1yp2w7bby2u.cloudfront.net http://static.clevertap.com https://app.link https://script.hotjar.com https://static.hotjar.com https://www.youtube.com/iframe_api https://s.ytimg.com https://apis.google.com https://connect.facebook.net https://checkout.razorpay.com/v1/razorpay.js https://api.razorpay.com https://*.gateway-tt.in https://cdn.segment.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: https://*.tickertape.in http://*.tickertape.in https://*.smallcase.com https://s3.ap-south-1.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://pocket-image-cache.com https://*.ytimg.com https://script.hotjar.com https://premium.thehindubusinessline.com https://thehindubusinessline.com https://thehindu.com https://www.thehindu.com https://www.thehindubusinessline.com https://*.reutersmedia.net https://img.youtube.com https://www.facebook.com https://cdn.razorpay.com; connect-src https://*.tickertape.in http://*.tickertape.in wss://*.tickertape.in https://*.smallcase.com https://www.google-analytics.com https://www.googletagmanager.com https://*.branch.io https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://stats.g.doubleclick.net https://graph.facebook.com https://api.razorpay.com https://cdn.segment.com https://api.segment.io https://api.amplitude.com/; frame-src https://connect.smallcase.com https://connect.smallca.se https://vars.hotjar.com https://www.googletagmanager.com https://accounts.google.com https://www.youtube.com https://vars.hotjar.com https://api.razorpay.com https://*.gateway-tt.in; font-src 'self' https://script.hotjar.com; object-src 'none' 1
frame-ancestors about: *.nascar.com; block-all-mixed-content; default-src https://*.googlesyndication.com https://*.nascar.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.doubleverify.com https://www.googletagservices.com https://*.nascar.com https://*.googlesyndication.com https://*.google.com https://delivery.sharplink.us https://connect.facebook.net https://*.moatads.com https://www.lightboxcdn.com https://amp.akamaized.net https://*.truste.com https://www.google-analytics.com https://*.taboola.com https://ak.sail-horizon.com https://www.datadoghq-browser-agent.com https://*.doubleclick.net https://www.googleadservices.com https://dollardelta.com https://*.chartbeat.com https://d2zi7r1qsrih6r.cloudfront.net https://*.go-mpulse.net https://*.scorecardresearch.com https://*.gigya.com https://*.sharethrough.com https://*.trustarc.com; style-src 'self' 'report-sample' 'unsafe-inline' blob: https://*.nascar.com https://*.googleapis.com https://www.lightboxcdn.com https://delivery.sharplink.us https://cdn.taboola.com https://vidstat.taboola.com https://amp.akamaized.net https://assets.calreplyapp.com https://c.evidon.com https://s-static.innovid.com https://cdn.jsdelivr.net https://chat.satis.fi; object-src https://*.nascar.com; frame-src https://*.gigya.com https://*.googlesyndication.com https://*.taboola.com https://nascardigitalmediallc.demdex.net https://*.doubleverify.com https://*.doubleclick.net https://imasdk.googleapis.com https://*.adnxs.com https://js-sec.indexww.com https://secure-ds.serving-sys.com https://*.criteo.com *.facebook.com *.nascar.com *.youtube.com *.twitter.com https://*.chartbeat.com; child-src blob: https://*.nascar.com; img-src 'self' data: http://*.nascar.com https://*.nascar.com https://*.aniview.com https://*.chartbeat.net https://www.facebook.com https://*.nascar.media https://*.taboola.com http://*.taboola.com https://*.akamaihd.net https://*.moatads.com https://*.scorecardresearch.com https://*.googlesyndication.com https://www.google-analytics.com https://*.lightboxcdn.com https://*.doubleclick.net https://*.google.com https://*.trustarc.com https://*.clipcentric.com https://*.sharethrough.com https://*.doubleverify.com https://nascar-galleries.s3.amazonaws.com https://native-images.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com https://*.nascar.com https://d2zi7r1qsrih6r.cloudfront.net; connect-src 'self' https://www.facebook.com https://*.taboola.com https://*.braze.com https://*.nascar.com https://*.doubleclick.net https://*.omtrdc.net https://*.google.com https://*.datadoghq.com https://*.googlesyndication.com https://dollardelta.com https://*.nascar.media https://*.sail-personalize.com https://amp.akamaized.net; manifest-src 'self' https://*.nascar.com; base-uri 'self' *.nascar.com *.nascar.media; form-action 'self' https://www.facebook.com; media-src 'self' data: blob: https://*.nascar.com https://*.taboola.com; prefetch-src 'self' https://*.googlesyndication.com; worker-src 'self' blob: https://*.nascar.com; report-uri https://gate.rapidsec.net/g/r/csp/9e8e3812-c6ea-40c6-970a-449a3a8dc266/0/7/3?sct=c71769e1-0d50-4e7f-aa2a-39d8b2f06272&dpos=report 1
frame-ancestors 'self' https://*.uncc.edu https://*.charlotte.edu https://*.test.uncc.edu https://*.test.charlotte.edu; frame-src 'self' https:; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src https://*.uncc.edu https://*.charlotte.edu https://*.test.uncc.edu https://*.test.charlotte.edu https://www.youtube.com; report-uri https://ns-upitsdpweb-vip.uncc.edu/util/csp/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://tvline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.gstatic.com *.googleapis.com *.google.com *.google.co.jp *.google-analytics.com *.googlesyndication.com *.g.doubleclick.net *.facebook.com platform.twitter.com www.paydesign.jp reserva.be *.reserva.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.google.com *.google.co.jp *.googleapis.com *.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.googletagservices.com *.googletagmanager.com tagmanager.google.com s.yimg.jp *.yahoo.co.jp connect.facebook.net *.twitter.com *.ads-twitter.com *.a8.net *.atown.jp *.felmat.net a.o2u.jp beacon.digima.com cmkt.jp beacon.digima.com d.line-scdn.net in.treasuredata.com js.fout.jp js.ptengine.jp kitchen.juicer.cc static.criteo.net sslwidget.criteo.com sync.im-apps.net *.socdm.com af.tosho-trading.co.jp cdn.audiencedata.net cdn.smartnews-ads.com cdn.treasuredata.com js.crossees.com s.dc-tag.jp tags.bkrtx.com www.paydesign.jp; style-src 'self' 'unsafe-inline' *.googleapis.com fonts.gstatic.com www.paydesign.jp; img-src 'self' *.google.com *.google.co.jp googleads.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.facebook.com *.yahoo.co.jp a.ddli.jp a.o2u.jp b.audiencedata.net cnt.fout.jp cm.g.doubleclick.net i.smartnews-ads.com in.treasuredata.com t.co tags.bluekai.com tg.socdm.com data: ; font-src 'self' *.googleapis.com www.paydesign.jp fonts.gstatic.com data: ; report-uri https://reserva.be/csp-report ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-ODM1MTM1NzU3LDMyODc4ODkyNjc='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri https://investorplace.com/wp-content/plugins/mixed-content-logging/report-uri/mcl-uri.php 1
child-src 'self'; connect-src 'self' http://*.api.useinsider.com https://*.api.useinsider.com; default-src 'self'; font-src 'self'; frame-src 'self' http://*.api.useinsider.com https://*.api.useinsider.com; img-src 'self' http://*.api.useinsider.com https://*.api.useinsider.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.api.useinsider.com https://*.api.useinsider.com; style-src 'self' 'unsafe-inline' http://*.api.useinsider.com https://*.api.useinsider.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_f1faf6a55828877b54ac41499edd6669 1
default-src * data: blob:;script-src *.workplace.com workplace.com *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net www.google-analytics.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com static.xx.fbcdn.net;connect-src *.workplace.com workplace.com *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.workplace.com:* ws://localhost:* blob: 'self' *.mktoresp.com *.workplace.tools;report-uri https://my.workplace.com/csp/reporting/; 1
script-src 'self' https://d3sq5bmi4w5uj1.cloudfront.net ajax.googleapis.com https://ie7-js.googlecode.com https://cdnjs.cloudflare.com connect.facebook.net uhf.microsoft.com c.microsoft.com cs.microsoft.com c.s-microsoft.com wcpstatic.microsoft.com platform.twitter.com 'sha256-l9ZHmyP+aSQUbzDsO0Z5mU5KmeKTw7h+LYWUCcvjK/o=' 'sha256-PaS0gCgkEvlXwzUjXAo0jysAvDXOc3iIttQamgrvXk0=' 'sha256-LJOONddNtIMPVfcLsFATXyL4P23f3znxXz4FxYemkxI=' 'sha256-9iOvn7LxDLljYZpLeETJMw2obbWSDMr5bD4EvVwobT8=' 'sha256-0E0vDUBHZEKS2e6EIVqnrTnKVNyC9EkRVPrg1eYPjfk=' 'sha256-qKAjO5ncQUIDDV6E+i9Ki0B02qMSMSYn7Qz3CCeUadA=' 'sha256-e+Muvfq9cFCKaGyU2s/dw33x7jyiRjzSxMMWigxtces=' 'sha256-X13pZMYtfc8rLgpPU27DRu9ogdGOie2/WSSRXrvb4qw=' 'sha256-qBq7Yi1crTUnQMu1SOv+OLIkSbFYKoUR5uEZmtGdr18=' 'sha256-3lrmNAZ6kNZZTLuCfq9dwAOOuM3LB25Zw3lZQb6u5mA=' 'sha256-4yQMvgCymLvSmnCJ3fBR7j5ULSCezuYQiYkcA5JNVEY=' 'sha256-ktmU5paXGPR9mdN2uSWY55YcgQeImJRGVoRPrUQgASY=' 'sha256-MA2y0MDJ4KekIetpCUKmHXxHGlTrzqzVnitomCSNO14=' 'sha256-SeFjbS0LfxHLZ4dSTKm3BJQLbYE7L30x+Dieoa6QQwM=' 'sha256-SCdeHAIyndSsvnKndC84UH7e8hWXZfGZi1sXICbMEfM=' 'sha256-H/0P7dZMBnkxNkAxjKwW4ZkIbOu+jUatI5iXj220Mzw=' 'sha256-K2eMQjiqAXlEEKU1OI//ND8SNuV5nMOGNBQxtt0fK+g=' 'sha256-teb0gd16eHO96p+TWUf4Qk9ED1HJmiBTon8ooUoBh00=' 'sha256-Kdb1cN+XVz5wzuxh0LQlnyRgRjSv4+NQJ0c57mBi0pc=' 'sha256-dc0kLiLbea/nrL24ZXilOuRrs2VzRffX05RSQdgHUsU=' 'sha256-LjreJQqJjPxAIN/hThhUIWTziFE4758qAZp8fvAjruM=' 'sha256-o62lg6aR4njGCW/O+wQfymrm7gCZOXINNMAQNuD1VGM=' 'sha256-j3H8aCmyA0faDUoXS4euhLBRHBatCYqsLfaeZoZ86RQ='; style-src 'self' 'unsafe-inline' d3sq5bmi4w5uj1.cloudfront.net uhf.microsoft.com c.s-microsoft.com; img-src 'self' syndication.twitter.com analytics.twitter.com t.co uhf.microsoft.com c.microsoft.com *.facebook.com d3sq5bmi4w5uj1.cloudfront.net images.mxpnl.com wdgcdn.azureedge.net asgcdn.azureedge.net; frame-src *.facebook.com platform.twitter.com c1.microsoft.com c.bing.com; font-src 'self' data:; report-uri https://csp.skype.com 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: js.braintreegateway.com *.doubleclick.net www.paypalobjects.com script.hotjar.com bounceexchange.com d2wy8f7a9ursnm.cloudfront.net s.pinimg.com s.dca0.com s3.amazonaws.com cdn.teepublic.com d18p8z0ptb8qab.cloudfront.net js-agent.newrelic.com www.googlecommerce.com cdn.deepchannel.com cdn.funnelytics.io sc-static.net bat.bing.com apis.google.com xds.dca0.com cdn.userleap.com www.google.com analytics.tiktok.com www.googleadservices.com translate.googleapis.com pagead2.googlesyndication.com assets.bounceexchange.com d.impactradius-event.com www.redditstatic.com tag.bounceexchange.com widget.trustpilot.com sn.dca0.com static.hotjar.com connect.facebook.net api.bounceexchange.com d.adroll.mgr.consensu.org www.googletagservices.com s.adroll.com d.adroll.com shareasale-analytics.com static.zdassets.com www.gstatic.com *.opendns.com www.googletagmanager.com s.yimg.com secure.adnxs.com bam.nr-data.net www.paypal.com; form-action  www.facebook.com ct.pinterest.com tr.snapchat.com www.teepublic.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.slant.co cdn.honey.io assets.quadpay.com cdn.ivaws.com use.typekit.net fonts.gstatic.com cdn.teepublic.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.opendns.com ssl.kaptcha.com s.adroll.com ct.pinterest.com vars.hotjar.com www.google.com connect.facebook.net *.doubleclick.net widget.trustpilot.com tr.snapchat.com www.facebook.com tpc.googlesyndication.com assets.bounceexchange.com assets.braintreegateway.com www.paypal.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.googleapis.com s.adroll.com use.typekit.net assets.bounceexchange.com cdn.teepublic.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.co.ke www.google.com.hk notify.bugsnag.com events.attentivemobile.com t.dca0.com www.google.com.my www.google.pt www.google.nl www.google.ie in.hotjar.com page.cdnbasket.net d.adroll.com www.google.cz www.google.se l8.dca0.com s.adroll.com dfp.bouncex.net www.google.com.pk ct.pinterest.com www.google.bg l4.dca0.com cdn.teepublic.com ids.cdnwidget.com www.google.rs teepublic.zendesk.com www.google.ca sn36.dca0.com www.google.ro coupons.bounceexchange.com www.google.co.in www.google.com.mx www.google.tn www.google.com.au www.google.co.cr www.google.com.tr www.google.com.vn simonsignal.com l7.dca0.com www.google.co.ma teepublic.attn.tv view.cdnbasket.net sessions.bugsnag.com www.google.hr sn.dca0.com www.google.fr adservice.google.com www.google.it l3.dca0.com analytics.tiktok.com www.google.co.za l6.dca0.com www.google.com.sg www.google.dz events.bouncex.net www.googletagmanager.com s.yimg.com bam.nr-data.net www.google.at *.doubleclick.net client-analytics.braintreegateway.com ekr.zdassets.com www.paypal.com l2.dca0.com track-v2.funnelytics.io api.userleap.com www.google.com.bd www.google.com.ua www.google.de pd.cdnwidget.com l9.dca0.com www.google.fi www.google.ru www.google.co.il teepublic.sjv.io optout.dca0.com xds.dca0.com www.facebook.com l5.dca0.com api.braintreegateway.com www.google.co.nz bat.bing.com analytics.google.com vc.hotjar.io www.google.es www.google.com.ph www.google.co.uk; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: idsync.reson8.com cx.atdmt.com adservice.google.co.uk events.attentivemobile.com www.google.nl pippio.com adservice.google.it www.google.com.ua www.google.se eb2.3lift.com www.gstatic.com www.google.co.th fcmatch.youtube.com d.adroll.com api.bounceexchange.com www.google.rs idsync.rlcdn.com tags.rd.linksynergy.com secure-gl.imrworldwide.com ct.pinterest.com connect.facebook.net cdn.teepublic.com sync.taboola.com adservice.google.com.au www.google.co.ke www.google.com.my deviceid.trueleadid.com www.google.co.ma global.ib-ibi.com csi.gstatic.com events.bouncex.net ads.scorecardresearch.com www.google.co.ve segments.company-target.com dsum-sec.casalemedia.com www.google.com.eg rc.rlcdn.com www.google.co.il www.google.tn p.rfihub.com www.google.com.mx *.opendns.com www.google.co.id www.google.com.br adservice.google.com www.google.cl t.co www.google.fr cdn.buttercms.com www.google.de www.google.fi www.paypalobjects.com *.yahoo.com sync-tm.everesttech.net beacon.krxd.net bat.bing.com www.facebook.com adservice.google.ca token.rubiconproject.com www.google.co.uk www.google.hu pixel.advertising.com www.google.com.pk www.google.co.cr cdn.honey.io tags.bluekai.com www.google.pt res.cloudinary.com px.surveywall-api.survata.com www.google.com.hk www.google.co.kr www.google.co.in t.paypal.com d.turn.com www.google.gr www.google.com.ng www.googletagmanager.com ad.doubleclick.net www.google.no www.google.ae s3.amazonaws.com www.google.com.tr www.google.bg adservice.google.com.mx www.google.com.pr www.google.cz d10gj7yjsfriaj.cloudfront.net www.google.ie www.google.ca www.google.ro shareasale.com sync.mathtag.com sync.outbrain.com u.cdnwidget.com s0.2mdn.net aa.agkn.com adservice.google.co.in www.google.com.vn www.google.co.nz ds.reson8.com www.google.com.ec lrpush.apxlv.com www.google.ch adservice.google.se www.google.com www.google.co.za www.google.at usermatch.krxd.net bam.nr-data.net www.google.dz s.amazon-adsystem.com assets.bounceexchange.com www.google.com.sg www.google.hr match.adsrvr.org www.google.it shareasale-analytics.com x.bidswitch.net dpm.demdex.net subscription.omnithrottle.com www.google.ru www.google.be pixel.rubiconproject.com www.pinterest.com www.google.com.bd pix.cdnwidget.com *.doubleclick.net www.google.com.co alb.reddit.com ib.adnxs.com ads.yahoo.com analytics.tiktok.com us-u.openx.net www.google.es www.google.com.ph simage2.pubmatic.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.zdassets.com; report-uri /csp_report 1
default-src 'none'; report-uri https://csp-report.wwnorton.com; connect-src 'self' https://appservices.wwnorton.com; frame-ancestors 'self'; font-src 'self'  https://fonts.googleapis.com; style-src 'self' https://cloud.typography.com https://dsbst55b1909i.cloudfront.net; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://static.wwnorton.com https://storage.googleapis.com; img-src 'self' https://www.google-analytics.com https://appservices.wwnorton.com https://cdn.wwnorton.com https://diqp43fm0w6zs.cloudfront.net  https://stats.g.doubleclick.net; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.ca&source%5Bsection%5D=brochure&source%5Buuid%5D=998624eaaa2a521dec0448e1a88a8d7c 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-3nStIxHFwi7pX+459dmKD9YjiR7cjo' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src 'none'; base-uri 'self' docs.helpscout.net; block-all-mixed-content; child-src 'self' assets.braintreegateway.com c.paypal.com www.youtube.com player.vimeo.com fast.wistia.net moz-extension://* chrome-extension://*; connect-src 'self' api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.paypal.com www.google-analytics.com connect.facebook.net www.facebook.com ysxtsrzt2b4s.statuspage.io rescuetime.helpscoutdocs.com secure.helpscout.net api.ipify.org beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net *.sumologic.com sentry.io *.ingest.sentry.io *.sentry-cdn.com wss: wss://*.pusher.com slack.com github.com exist.io *.visualwebsiteoptimizer.com app.vwo.com logo.clearbit.com *.ubembed.com *.userleap.com *.usersnap.com; font-src 'self' data: fonts.gstatic.com app.vwo.com *.ubembed.com *.userleap.com *.usersnap.com; form-action 'self' *.welltory.com; frame-ancestors moz-extension://* chrome-extension://*; frame-src 'self' assets.braintreegateway.com *.paypal.com djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net platform.twitter.com www.googletagmanager.com www.google.com tst.kaptcha.com ssl.kaptcha.com www.youtube.com moz-extension://* chrome-extension://* ifttt.com *.vimeo.com app.vwo.com *.ubembed.com *.userleap.com *.usersnap.com; img-src 'self' data: assets.braintreegateway.com *.paypal.com platform.twitter.com pbs.twimg.com www.google-analytics.com connect.facebook.net *.facebook.com d33v4339jhl8k0.cloudfront.net moz-extension://* chrome-extension://* via.placeholder.com ifttt.com api.producthunt.com zapier.com cdn.zapier.com *.visualwebsiteoptimizer.com app.vwo.com track.customer.io secure.gravatar.com logo.clearbit.com *.ubembed.com *.userleap.com *.usersnap.com; manifest-src 'self'; media-src 'self' beacon-v2.helpscout.net; object-src 'self' djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net cdn.ravenjs.com platform.twitter.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com zapier.com connect.facebook.net dev.visualwebsiteoptimizer.com app.vwo.com cdn.rawgit.com player.vimeo.com assets.customer.io *.ubembed.com *.userleap.com *.usersnap.com *.sentry-cdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net djtflbt20bdde.cloudfront.net app.vwo.com *.ubembed.com *.userleap.com *.usersnap.com; worker-src blob:; report-uri https://www.rescuetime.com/csp-report 1
script-src 'strict-dynamic' 'nonce-MTc2OTgwNjM5Nyw0MDQzMjI2MzY4'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.blogher.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dynamicyield.com www.googletagmanager.com www.google-analytics.com connect.facebook.net ajax.cloudflare.com *.wistia.com blob: static.cloudflareinsights.com s.go-mpulse.net *.hotjar.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.addtoany.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.dynamicyield.com www.googletagmanager.com www.google-analytics.com connect.facebook.net ajax.cloudflare.com *.wistia.com blob: static.cloudflareinsights.com s.go-mpulse.net *.hotjar.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.addtoany.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.dynamicyield.com fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/safety_google 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-MzgxODY4MTMwNywzNTY1NDIzMDgy'; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
object-src 'none';base-uri 'self';script-src 'nonce-PVdg5lqbLLQwrTVuWGkn' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/admob_google_com 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.soloway.ru https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com 	 https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://inv-dmp.admixer.net ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.init.de *.openstreetmap.org *.twitter.com *.twimg.com *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundesfinanzministerium.de; child-src *.google.com *.gstatic.com *.youtube.com *.init.de *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.twitter.com *.twimg.com *.bundesfinanzministerium.de; frame-ancestors 'self'; report-uri /site/servlet/csp-report; 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; script-src 'nonce-d19b0c2811eb4b928bb64b95b921c1ec' 'unsafe-hashes' 'sha256-1maWi35AZm2eb0SDGUjz4yC0C7VC0PK1u/+qKV3OR14='  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; style-src 'self' 'nonce-d19b0c2811eb4b928bb64b95b921c1ec'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com; frame-src https://www.youtube.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=130-5386967-2957611:rid=5C2B16476F704C8D88E3:sn=www.newworld.com 1
default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1
img-src https: data:; connect-src https:; report-uri https://csp-reports.yesware.com/new 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/abc_xyz 1
font-src 'self' data: https://*.cloudfront.net *.googleapis.com https://fonts.gstatic.com; object-src 'self' blob:; default-src 'self'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self'; child-src https:; connect-src 'self' https:; media-src 'self' 1
default-src 'self' 'unsafe-inline' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.usni.org *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.authorize.net *.facebook.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' *.usni.org *.googlesyndication.com *.google.com disqus.com *.disqus.com *.googletagmanager.com *.addtoany.com *.scribd.com *.facebook.com *.g.doubleclick.net ; form-action 'self' *.usni.org *.facebook.com *.salesforce.com; upgrade-insecure-requests; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.chatlio.com https://maxcdn.bootstrapcdn.com https://js.intercomcdn.com data: https://fonts.gstatic.com ; connect-src https://bam.nr-data.net https://fonts.gstatic.com wss://ws.pusherapp.com https://*.chatlio.com wss://*.intercom.io https://*.intercom.io https://*.algolia.com https://insights.algolia.io https://*.algolia.net https://*.algolianet.com https://insights.hotjar.com wss://*.hotjar.com https://*.kissmetrics.com https://vimeo.com https://*.pingdom.net https://api.segment.io https://api.amplitude.com/ https://sentry.io https://*.getbeamer.com wss://*.getbeamer.com https://*.mktoresp.com ; report-uri https://algolia.report-uri.io/r/default/csp/reportOnly 1
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.sg kmart.com.au bat.bing.com images.kmart.com.au rs.fullstory.com www.facebook.com zamant.ru p.yotpo.com www.google.es assets.pinterest.com log.pinterest.com cdn-yotpo-images-production.yotpo.com www.google-analytics.com embed.salefinder.com.au www.googleadservices.com embed.salefinder.co.nz ssl.google-analytics.com ct.pinterest.com cdn.optimizely.com email.kmart.com.au maps.gstatic.com www.google.com dc.oracleinfinity.io www.google.com.au www.pinterest.com dduhxx0oznf63.cloudfront.net www.gstatic.com www.googletagmanager.com pixboost.com mc.yandex.ru cdn.truefitcorp.com maralo.ru 50.xg4ken.com *.doubleclick.net www.youtube.com www.google.co.nz www.kmart.com.au bam-cell.nr-data.net connect.facebook.net; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: apis.google.com www.facebook.com survey.survicate.com www.googletagmanager.com cdn.truefitcorp.com tags.tiqcdn.com *.doubleclick.net *.optimizely.com accounts.google.com www.youtube.com ct.pinterest.com secure.ippayments.com connect.facebook.net www.kmart.com.au www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: gateway.zscalerone.net cdn.truefitcorp.com fonts.googleapis.com www.kmart.com.au embed.salefinder.com.au staticw2.yotpo.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com images.kmart.com.au static3.avast.com shopping.qantas.com cdn.truefitcorp.com fonts.googleapis.com www.kmart.com.au staticw2.yotpo.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net rum.optimizely.com manager.eu.smartlook.cloud zamant.ru staticw2.yotpo.com respondent.survicate.com www.kmart.com.au www.google-analytics.com bam.nr-data.net maralo.ru ws3.ondemand.qas.com gateway.zscalerone.net ct.pinterest.com kmart.com.au events-writer.smartlook.com consumer.truefitcorp.com api.yotpo.com mc.yandex.ru ac.cnstrc.com maps.googleapis.com www.facebook.com analytics.tiktok.com rs.fullstory.com ssl.google-analytics.com web-writer.sg.smartlook.cloud www.google.com collect-ap-southeast-2.tealiumiq.com cdn.optimizely.com api.kmart.com.au tapi.optimizely.com assets-proxy.smartlook.cloud web-writer.eu.smartlook.cloud logx.optimizely.com errors.client.optimizely.com pro.openweathermap.org www.googletagmanager.com adservice.google.com seoab.io; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: visitor-service-ap-southeast-2.tealiumiq.com zamant.ru static.queue-it.net ciclonrox.com www.kmart.com.au webservice.salefinder.com.au assets.pinterest.com rec.smartlook.com cnstrc.com cdnjs.cloudflare.com gateway.zscalerone.net staticw2.yotpo.com embed.salefinder.com.au js-agent.newrelic.com www.google-analytics.com unpkg.com consumer.truefitcorp.com apis.google.com s.pinimg.com www.youtube.com analytics.tiktok.com dc.oracleinfinity.io maps.googleapis.com connect.facebook.net www.gstatic.com bam-cell.nr-data.net assets.queue-it.net visitor-service.tealiumiq.com cdn3.optimizely.com kmart.queue-it.net kma-cdn.truefitcorp.com tags.tiqcdn.com cdn.truefitcorp.com edge.fullstory.com www.googletagmanager.com survey.survicate.com c.oracleinfinity.io cdn.optimizely.com www.google.com cdn-quick-ar.threedy.ai seoab.io www.googleadservices.com widgets.pinterest.com www.kmart.co.nz ssl.google-analytics.com surveys-static.survicate.com; form-action  ct.pinterest.com www.facebook.com connect.facebook.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.fontawesome.com fonts.gstatic.com moneygram.force.com consent.trustarc.com fonts.googleapis.com *.amazonaws.com; form-action  paywithmybank.com deviceauth.moneygram.com tr.snapchat.com *.salesforceliveagent.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.googleapis.com use.fontawesome.com moneygram.force.com asset.gomoxie.solutions; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ipb.smct.co cookiee1.veinteractive.com sessionapi.veinteractive.com bat.bing.com ipb.smct.io *.amazonaws.com *.doubleclick.net fonts.gstatic.com centinelapi.cardinalcommerce.com www.facebook.com ipl.smct.co events-moneygram.gomoxie.solutions ipl.smct.io consumerapi.moneygram.com writer.cardinalcommerce.com location.gomoxie.solutions fonts.googleapis.com smct.co dtrc.veinteractive.com adservice.google.com collector.tealeaf.ibmcloud.com analytics.tiktok.com www.google.com js.smct.io asset.gomoxie.solutions s.yimg.com js.smct.co bam.nr-data.net; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: deviceauth.moneygram.com tags.rd.linksynergy.com www.facebook.com geo.cardinalcommerce.com tr.snapchat.com connect.facebook.net www.youtube.com consent-pref.trustarc.com www.google.com smct.co centinelapi.cardinalcommerce.com *.doubleclick.net insight.adsrvr.org match.adsrvr.org cj.dotomi.com paywithmybank.com asset.gomoxie.solutions consent.trustarc.com tpc.googlesyndication.com www.emjcd.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.woopra.com config1.veinteractive.com tags.rd.linksynergy.com maps.googleapis.com asset.gomoxie.solutions d.turn.com s.yimg.com www.googletagmanager.com paywithmybank.com smct.co www.gstatic.com consent.trustarc.com secure.adnxs.com *.salesforceliveagent.com connect.facebook.net *.doubleclick.net deviceauth.moneygram.com js.smct.io js-agent.newrelic.com intljs.rmtag.com js.smct.co bam.nr-data.net analytics.tiktok.com bat.bing.com songbird.cardinalcommerce.com includes.ccdc02.com www.rtb123.com www.googleadservices.com www.google.com moneygram.force.com ads.nextdoor.com sc-static.net six.cdn-net.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: a.volvelle.tech consent.linksynergy.com match.adsrvr.org www.google.com.mx bat.bing.com bam.nr-data.net consent.trustarc.com secure.adnxs.com webv2cmsprod.aws.moneygram.com www.facebook.com cx.atdmt.com www.google.es paywithmybank.com maps.gstatic.com www.google.com idsync.rlcdn.com consent-pref.trustarc.com px2.smct.co *.yahoo.com drs2.veinteractive.com insight.adsrvr.org consumerapi.moneygram.com www.gstatic.com maps.googleapis.com cdn.smct.io www.google.it www.google.co.uk www.google.com.au www.google.fr www.google.com.ph www.googletagmanager.com tr.snapchat.com www.google.de www.google.ci analytics.tiktok.com *.doubleclick.net www.google.com.jm connect.facebook.net www.google.ca *.amazonaws.com flask.nextdoor.com www.google.co.in; report-uri /csp_report 1
default-src 'self' https:; base-uri https://www.elysee.fr; block-all-mixed-content; child-src *; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; img-src https://tarteaucitron.io https://ssl.google-analytics.com https://stats.g.doubleclick.net data: https://www.elysee.fr https://admin.elysee.fr https://static.elysee.fr; plugin-types video/*; script-src https://tarteaucitron.io https://www.google-analytics.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://static.elysee.fr; style-src https://cdn.jsdelivr.net https://tarteaucitron.io https://fonts.googleapis.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://static.elysee.fr; report-uri /csp/report 1
default-src 'self'; script-src 'report-sample' 'self' 'sha256-BiNyGbGZEG1ZcMWhdKvmZ1DwYSpvZ8xcAxRrIag59sQ=' 'sha256-p96cet82gMKBOah5xqTlTC1NImfgmfwp9xhnLYsv45Q=' 'sha256-K7F5t+0jCUOcvI0w5XCLORVrRe6Cl7fcvsyOhpNlvRA=' 'sha256-osJOIDsvZzKR6jjDkmJzOK/lCl+6P59lwiMwf2WwwX0=' 'sha256-ech7dK56PGMmo3zLhyCe9XpUu/4+pGU11bUeBEpq56o=' 'sha256-5aTBNtoMSFGD0AJ9+0YPRibd5APCDzFjjKtA16wQik8=' 'sha256-hV1mihBfiWqmXQxPNANChEuUWIOIlte4D1DUOfqSY2Y=' 'sha256-DHkQzQeawSI3bMDJPOulIinzX/ih38goNk2cvBZsgPM=' 'sha256-LjOYZt74qQlHixQckZ1K+NyxwGO8jPc/zUDhd43i7qY=' 'sha256-C6r1Uv+2BkE8Qjrq+iYLyfsjck3nrA/PhDEE1u7CHtk=' 'sha256-hV1mihBfiWqmXQxPNANChEuUWIOIlte4D1DUOfqSY2Y=' 'sha256-BxUWVs1+UwaUImPFWmLpOCjBDGTFuFcwcXgQwKyVSYU=' https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976618339/ https://a.clickcertain.com/px/smart/a/ https://a.remarketstats.com/px/smart/; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.google.com https://a.clickcertain.com/; img-src 'self' https://www.google-analytics.com https://www.google.com https://www.google.pl; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self' data: blob: *.tiktokcdn.com *.pstatp.com *.bytedance.net *.bytescm.com *.boe.byted.org *.mediaroom.com *.bytednsdoc.com;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.bytedance.com *.bytedance.cn *.bytecdn.cn *.pstatp.com *.bytedance.net *.bytescm.com *.boe.byted.org *.investorroom.com;script-src-elem data: blob: 'unsafe-inline' 'unsafe-eval' *.bytedance.com *.bytedance.cn *.bytedance.net *.pstatp.com *.bytescm.com *.bytecdn.cn *.boe.byted.org s16.hypstarcdn.com *.investorroom.com *.mediaroom.com;style-src 'unsafe-inline' *.pstatp.com *.bytedance.net *.bytescm.com *.bytecdn.cn *.ibytedtos.com *.tiktokcdn.com *.bytedance.com *.boe.byted.org *.investorroom.com;connect-src *.snssdk.com *.byteoversea.com *.bytedance.com bytedance.com *.bytedance.cn *.bytedance.net *.pstatp.com *.bytescm.com *.bytecdn.cn *.boe.byted.org s16.hypstarcdn.com *.investorroom.com;img-src data: blob: *.pstatp.com *.bytedance.net *.bytescm.com *.ibytedtos.com *.tiktokcdn.com p16a.tiktokcdn.com *.boe.byted.org *.byted.org *.bytecdn.cn *.investorroom.com;report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=bytedance_home_new 1
base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';script-src 'report-sample' 'nonce-idrNAQowwQavP8rKGTvwoA' 'unsafe-inline' 'strict-dynamic' https: http:;style-src https: 'unsafe-inline';report-uri /cspreport 1
frame-ancestors 'self' http://*.oriflame.com https://*.oriflame.com http://*.online.ori https://*.online.ori http://*.ori.local https://*.ori.local http://*.oriflame.cc https://*.oriflame.cc http://*.oriflame.ru https://*.oriflame.ru http://*.oriflame.cn https://*.oriflame.cn; report-uri /CspReport?policyRequestId=39bcd5d1d57c8d43 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://footwearnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src blob: data: https: 'self' wss:; script-src blob: data: https: 'self' wss: 'unsafe-eval' 'unsafe-inline'; style-src blob: data: https: 'self' wss: 'unsafe-inline'; report-uri https://everlane.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self'; default-src 'self' https://tpc.googlesyndication.com/safeframe/; connect-src 'self' https://*.abcya.com https://*.playwire.com https://csi.gstatic.com https://dt.clnmde.com https://kinesis.us-east-1.amazonaws.com https://www.google-analytics.com https://*.media.net https://*.googlesyndication.com https://*.doubleclick.net https://*.arcademics.com wss://*.arcademics.com; font-src 'self' https://*.media.net https://d33wubrfki0l68.cloudfront.net https://fonts.gstatic.com https://*.arcademics.com; frame-src 'self' blob: https://cdn.intergi.com https://*.playwire.com https://*.stripe.com https://*.abcya.com https://pxlclnmdecom-a.akamaihd.net https://*.googlesyndication.com https://*.doubleclick.net https://www.google.com; img-src 'self' data: https://*.arcademics.com https://*.net https://*.abcya.com https://cdn.intergi.com https://*.playwire.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://dt.clnmde.com https://www.googletagmanager.com https://*.doubleclick.net https://intergi-phoenix.s3.amazonaws.com https://px.moatads.com https://*.googlesyndication.com https://www.google-analytics.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.kidsafeseal.com https://s02mdn.net/; media-src 'self'; object-src https://*.abcya.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://adservice.google.com https://cdn.ampproject.org https://cdn.intergi.com https://cdn.intergient.com https://*.playwire.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://*.stripe.com https://mb.moatads.com https://pxlclnmdecom-a.akamaihd.net https://*.doubleclick.net https://*.arcademics.com https://*.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googletagservices.com https://www.gstatic.com https://z.moatads.com; style-src 'self' 'unsafe-inline' https://cdn.intergi.com https://d33wubrfki0l68.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com; report-uri https://www.ixl.com/actions/csp/report-abcya; report-to csp-endpoint; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com accounts.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net www.apptrian.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com accounts.google.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com accounts.google.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com accounts.google.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.in&source%5Bsection%5D=brochure&source%5Buuid%5D=c7fba424fbb56c478ce46c61c7470938 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com 'strict-dynamic' 'nonce-NTQ5ODM0NzEyLDI0Nzc2NTQyOTU='; report-uri https://exceptions.hubspot.com/csp/report?version=test; 1
connect-src 'self' *.crazyegg.com *.demdex.net *.doubleclick.net *.forter.com *.perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.tt.omtrdc.net adservice.google.com api.bazaarvoice.com apps.bazaarvoice.com b.px-cdn.net bam-cell.nr-data.net bam.nr-data.net bat.bing.com cdn.cookielaw.org cdn0.forter.com cdn3.forter.com cdn9.forter.com ct.pinterest.com d2o5idwacg3gyw.cloudfront.net dpm.demdex.net dpm.demdex.net googleads4.g.doubleclick.net in.visitors.live in.visitors.live ipapi.co localhost:49506 network-a.bazaarvoice.com network.bazaarvoice.com new229.com pagead2.googlesyndication.com privacyportal.onetrust.com pubsub.googleapis.com recs.richrelevance.com rh.nexus.bazaarvoice.com schema.milestoneinternet.com settings.luckyorange.net siteintercept.qualtrics.com smetrics.totalwine.com stats.g.doubleclick.net totalwine-sites.secure.force.com totalwine.com totalwine.tt.omtrdc.net totalwine.tt.omtrdc.net tracking.crazyegg.com translate.googleapis.com trc-events.taboola.com trc.taboola.com us-central1-adaptive-growth.cloudfunctions.net vimeo.com wss://cdn0.forter.com wss://in.visitors.live wss://visitors.live www.facebook.com www.google-analytics.com www.google.com www.totalwine.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bazaarvoice.com *.forter.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com 1c63ac2bb1db.cdn4.forter.com 2u8z2a.6v5f3l.com 3n74iv.x3hn2p.com 7vnsr60001.ibosscloud.com analytics-static.ugc.bazaarvoice.com apps.bazaarvoice.com assets.adobedtm.com bam.nr-data.net bat.bing.com blipznchitzcom-a.akamaihd.net blob: bpb.opendns.com brounelink.com c2op6nqb.micpn.com cdn.brcdn.com cdn.cookielaw.org cdn.pdst.fm cdn.tt.omtrdc.net cdncache-a.akamaihd.net cdnjs.cloudflare.com cms.totalwine.bloomreach.cloud connect.facebook.net container.pepperjam.com core.conversant.mgr.consensu.org cti.w55c.net d.la1-c2-ia5.salesforceliveagent.com d35u1vg1q28b3w.cloudfront.net data display.ugc.bazaarvoice.com docs.paymentjs.firstdata.com gateway.zscaler.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscalertwo.net gateway.zscloud.net geolocation.onetrust.com googleads.g.doubleclick.net i0gj.su3e5.com jamesbotscom-a.akamaihd.net js-agent.newrelic.com js.adsrvr.org jtdue2.x3hn2p.com live.rezync.com login-ds.dotomi.com mpsnare.iesnare.com partners.cmptch.com player.vimeo.com qdatasales.com rules.quantcount.com s.cmptch.com s3.amazonaws.com schema.milestoneinternet.com script.crazyegg.com secure.mycouponsmartmac.com secure.quantserve.com siteintercept.qualtrics.com totalwine-sites.secure.force.com totalwine.my.salesforce.com tpc.googlesyndication.com unpkg.com visualsponline.azurewebsites.net www.google-analytics.com www.googleadservices.com www.totalwine.com www.upsellit.com www.youtube.com zne8jbwf0djz2vvnd-totalwine.siteintercept.qualtrics.com; report-uri https://csp.px-cloud.net/report?report=1&id=3f642a4a3bb3885f342c163e8a05a46e&app_id=PXFF0j69T5 1
default-src https:; img-src https:; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=a244R10OWtLFnA 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://us-central1-shinesumoplus.cloudfunctions.net/report-uri 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.search.ch/api/mixedcontent.json 1
frame-ancestors 'self'; report-uri https://mizar.unive.it/alvise.rabitti/cspreport/report.php; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://teacup.report-uri.com/r/t/csp/reportOnly 1
default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.yahoo.com *.doubleclick.net; font-src 'self' *.bootstrapcdn.com; frame-src 'self' *.soundcloud.com *.twitter.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com *.yahoo.com https://www.google.com/ads/ga-audiences *.pendo.io *.twitter.com *.twimg.com; script-src 'self' 'nonce-i5Rmez4xbrK/Y1wkSxwYQA==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com *.github.com/flurrydev/ *.pendo.io *.twitter.com *.twimg.com; style-src 'self' 'unsafe-inline' *.yimg.com *.twitter.com *.twimg.com https://github.githubassets.com/assets/ *.bootstrapcdn.com; report-uri /csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.amazonaws.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com *.facebook.com *.facebook.net static.xx.fbcdn.net *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net www.careopinion.org.uk static.addtoany.com *.wp.com www.patientopinion.org.uk hcaptcha.com *.hcaptcha.com assets.nhs.uk www.travelinescotland.com c7.avaamo.com c7avaamo.s3-us-west-2.amazonaws.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
default-src https:; img-src https: data:; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; object-src 'self'; font-src https: data:; style-src https: 'unsafe-inline'; script-src 'nonce-3eaa288a-961a-46d6-9acf-2d19fd25dd8c' 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*;report-uri https://ort.wellsfargo.com/reporting/csp 1
frame-src https://server.lon.liveperson.net https://*.doubleclick.net https://resources.digital-cloud-uk.medallia.eu https://ee.co.uk https://syndication.twitter.com https://sitecatalyst.omniture.com https://www.youtube.com https://d16fk4ms6rqz1v.cloudfront.net https://social.hotukdeals.com http://ee-uk-ppf.wm-staging.com https://app.wizdom.ai https://*.facebook.com https://lo.v.liveperson.net https://*.google.com https://www.myunidays.com https://saltcdn2.googleapis.com https://*.ee.co.uk https://saltcdn2.instagram.com https://insights.uniqodo.com https://lo.tokenizer.liveperson.net https://*.demdex.net https://authorize.omniture.com https://prod-browsext.pricesearcher.com https://www.hotukdeals.com https://ee-embedded.myunidays.com https://*.akamaihd.net https://*.criteo.net 'self' https://tpc.googlesyndication.com https://eeretailapp.co.uk https://noop.style https://tr.snapchat.com https://plugin.monotote.com https://*.lpsnmedia.net https://consent-pref.trustarc.com https://3796688.fls.doubleclick.net https://ee.cloud-iq.com https://consent.trustarc.com https://platform.twitter.com https://*.facebook.net https://*.criteo.com https://gateway.zscalerone.net https://ee.real-digital.co.uk; connect-src https://*.doubleclick.net https://*.ads-twitter.com https://*.twitter.com https://decibelinsight.net https://*.googleadservices.com https://*.gstatic.com https://resources.digital-cloud-uk.medallia.eu https://ee.co.uk https://dpm.demdex.net https://bat.bing.com https://ajax.googleapis.com https://www.googletagmanager.com https://wmstatic.global.ssl.fastly.net https://t.co https://*.facebook.com https://*.reevoo.com https://*.google.com https://*.ee.co.uk https://ee.15gifts.com https://imp2.nowinteract.com https://collection.decibelinsight.net https://static.queue-it.net https://a.optmnstr.com https://insights.uniqodo.com https://*.demdex.net https://www.googleapis.com https://*.tt.omtrdc.net wss://cdn.decibelinsight.net https://*.tags.tiqcdn.com https://btbusiness.d1.sc.omtrdc.net https://i.salecycle.com https://cdn.decibelinsight.net wss://collection.decibelinsight.net https://*.akamaihd.net https://code.jquery.com https://*.criteo.net https://everythingeverywhere.tt.omtrdc.net 'self' https://ee-dtp-static.s3.amazonaws.com https://tr.snapchat.com https://*.google-analytics.com https://translate.googleapis.com https://*.lpsnmedia.net https://*.online-metrix.net https://ws.sessioncam.com https://btbsecure.business.bt.com https://*.cloudfront.net https://consent.trustarc.com https://*.facebook.net https://ee-outage.s3.amazonaws.com https://ee-tagging.s3.amazonaws.com https://api.uniqodo.com https://skynet.reevoo.com https://*.liveperson.net https://*.criteo.com https://myaccount.ee.co.uk https://api.opmnstr.com; script-src https://*.doubleclick.net https://*.twitter.com https://mark.reevoo.com https://decibelinsight.net https://*.gstatic.com https://ee.co.uk https://www.youtube.com https://www.zenaps.com https://bat.bing.com https://cdn.walkme.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://tags.tiqcdn.com https://connect.facebook.net https://vip.timezonedb.com https://medallia.eu https://nebula-cdn.kampyle.com https://d2oh4tlt9mrke9.cloudfront.net https://c.cnzz.com https://*.google.com https://*.ee.co.uk https://twitter.com https://ee.15gifts.com https://*.googleapis.com https://static.queue-it.net https://a.optmnstr.com https://s.ytimg.com https://p294588.clksite.com https://*.tt.omtrdc.net https://track.adform.net https://smetrics.ee.co.uk https://www.linkedin.com https://snap.licdn.com https://*.tags.tiqcdn.com https://btbusiness.d1.sc.omtrdc.net https://track.uniqodo.com https://rules.quantcount.com https://assets.revlifter.io https://www.googleadservices.com https://rialto-gms.s3.amazonaws.com https://px.ads.linkedin.com https://static.ads-twitter.com https://eeuk.queueit.net https://gdata.youtube.com https://cdn.decibelinsight.net https://*.akamaihd.net https://*.criteo.net https://beta.mybetterdl.com 'unsafe-inline' 'self' https://tpc.googlesyndication.com https://ee-dtp-static.s3.amazonaws.com https://ct.pinterest.com https://adobedtm.com https://p0.mycdn.co https://*.google-analytics.com https://plugin.monotote.com https://vimeo.com https://*.lpsnmedia.net https://secure.quantserve.com https://ads.avocet.io https://ws.sessioncam.com https://*.adobedtm.com https://*.cloudfront.net https://ssl.google-analytics.com https://www.dwin1.com 'unsafe-eval' https://ee.cloud-iq.com https://sc-static.net https://consent.trustarc.com https://analytics.twitter.com https://platform.twitter.com https://*.facebook.net https://cm.everesttech.net https://cdn.syndication.twimg.com https://ee-tagging.s3.amazonaws.com https://cdn.nowinteract.com https://*.liveperson.net https://*.criteo.com https://lptag.liveperson.net https://googleads.g.doubleclick.net; default-src https://ee.co.uk https://*.ee.co.uk 'self'; object-src https://ee.co.uk https://*.ee.co.uk 'self'; style-src https: 'unsafe-inline' 'self'; media-src https: 'self'; img-src https: 'self'; font-src https: 'self'; report-uri https://example.com 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://tools.oxygem.it/csp-violation-report-endpoint/index.php 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; report-uri https://cspreport.report-uri.io/r/default/csp/reportOnly 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://dev-ssl.loseit.com/_ops/csp-report 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self'   https://csi.gstatic.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://capture.trackjs.com https://www.google.com https://*.hotjar.com:* wss://*.hotjar.com https://bam.nr-data.net 'report-sample'; font-src 'self' https://inassets1-internationsgmbh.netdna-ssl.com/ https://fonts.gstatic.com https://static.hotjar.com https://*.zuora.com 'report-sample'; frame-src https: appsflyerevent: fbrpc: 'report-sample'; img-src https: blob: data:; manifest-src 'self' 'report-sample'; media-src 'none'; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://*.zuora.com 'report-sample'; style-src 'unsafe-inline' https://inassets1-internationsgmbh.netdna-ssl.com/  https://fonts.googleapis.com https://www.gstatic.com https://eu.gcsip.nl 'report-sample'; report-uri https://internations.report-uri.com/r/t/csp/reportOnly 1
default-src * data: blob: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: blob: https: 'unsafe-inline' 'unsafe-eval' *.eurostar.com scripts.eurostar.tech analytics.twitter.com bat.bing.com beacon.krxd.net cdn.kommunicate.io cdn.applozic.com cdn.krxd.net connect.facebook.net consumer.krxd.net eus.cdn-v3.conductrics.com googleads.g.doubleclick.net polyfill.io rules.quantcount.com s.yimg.com sc-static.net secure.quantserve.com sp.analytics.yahoo.com static.ads-twitter.com tag.yieldoptimizer.com tags.tiqcdn.com visitor-service-eu-west-1.tealiumiq.com w.usabilla.com widget.kommunicate.io www.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com www.googletagservices.com ad.doubleclick.net www.paypal.com www.googleadservices.com maps.googleapis.com apply.workable.com snap.licdn.com; connect-src 'self' https: *.eurostar.com bat.bing.com collect-eu-west-1.tealiumiq.com c.contentsquare.net www.google-analytics.com cdn.kommunicate.io api.kommunicate.io chat.kommunicate.io www.paypal.com googleads4.g.doubleclick.net api.rollbar.com www.facebook.com r.contentsquare.net bots.applozic.com stats.g.doubleclick.net wss://socket5.applozic.com wss://socket.applozic.com:80 adservice.google.com pagead2.googlesyndication.com jslog.krxd.net t.co beacon.krxd.net www.bing.com pubads.g.doubleclick.net; report-uri https://endpoint1.collection.eu.sumologic.com/receiver/v1/http/ZaVnC4dhaV2FbC9Ij83SGE3iTXUOUwHd6irC7dEd3crCFxWV0sz34YKvdRhl7b2Pwk5pss2m6jkp8P_KsP_DDMThVLr-k4csrE-WmpY1fji3919gGLcEhQ== 1
default-src data: blob: *.facebook.com *.fbcdn.net *.instagram.com;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.teststagram.com *.instagram.com;style-src data: blob: 'unsafe-inline' * *.teststagram.com *.instagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: i.instagram.com *.cdninstagram.com 'self' *.teststagram.com *.instagram.com;font-src *.facebook.com data: fonts.gstatic.com *.fbcdn.net *.teststagram.com *.instagram.com *.intern.facebook.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: blob: *.cdninstagram.com www.gstatic.com *.fbsbx.com *.teststagram.com *.igsonar.com *.google-analytics.com;frame-src business.instagram.com *.facebook.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.de ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.de *.spreadshirt.de ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.de ; font-src 'self' https: data: *.spreadshirt.de ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.de ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.de ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
frame-src *.trudvsem.ru; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'none';img-src 'self' data: an.yandex.ru yastatic.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv  mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com  mc.webvisor.org;font-src 'self';child-src mc.yandex.ru;connect-src 'self' *.adfox.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org;frame-src 'self' mc.yandex.ru preview.adfox.net;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval' yastatic.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org 'unsafe-inline';report-uri https://csp.yandex.net/csp?from=adfox; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/webmaster/chromeenterprise_google 1
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=website-grader-ui/static-1.724/html/public-en.html&cfRay=67737256db5e3b34-IAD 1
default-src 'none'; base-uri 'none' ; frame-src 'self' *.unidays.world *.facebook.com *.twitter.com *.doubleclick.net *.youtube.com *.google.com *.snapchat.com; connect-src 'self' *.myunidays.com *.myunidays.com *.adzerk.net https://api.segment.io https://cdn.segment.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com ; font-src 'self' data: https: ; img-src 'self' data: https: ; media-src 'self' *.unidays.world *.googleapis.com ;script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'nonce-NyJW+rgeREidJe/cOIVs5Q==' 'sha256-JaJnzDFt7nhixFwT6OGtcVsmCt5j0JhDTL/mOR+yeLc=' 'sha256-swnYD2S3+mg5eUG+ZrxxAe2x8z+BPFsrZJ1loRNz+Nc=' 'sha256-DQwqYB8/sqCTVOZWfXmwexUV+wjyosAzcAcRY2fdDiU=' 'sha256-OO3e79QzApiuzyYscIZeZy6kcVpgZzpc1p2ODfjDt7s=' 'sha256-SiSpQtoSm3gYHCiSdO7bIdwk6nuhuKyKx6I638RpVMs=' ; style-src 'self' 'unsafe-inline' https: ; 1
default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.au&source%5Bsection%5D=brochure&source%5Buuid%5D=4f52065aafa2c2f2e4243309bffe5148 1
frame-ancestors 'self'; 1
base-uri 'none'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'nonce-W8EhXiT3dAk6B6b0k9SeQHVG' 'nonce-4klvnk+8cAH2sGtZE53pBGcS' 'nonce-IwOL6/ZUFNXaqqm3fsZlQoBq' 'nonce-ZSkwpr8cLkr/54IlVISVVIoT' 'nonce-1JHBFS8qRcPc6N4EyJbEDRG5' 'nonce-emRjc2m0HSIrS9V9OJlEU9Wu' 'nonce-kvxOLTWkVaoe8Nkuty6Z0yjQ' 'nonce-LvEwYA2BvSF5JXPiJDqy78Bo' 'nonce-rh4LqR1kygKff5Qz4uTt3DeZ' 'unsafe-inline' https: 'strict-dynamic'; report-uri https://s.batch.com/api/2/security/?sentry_key=bf138b721b7f4a29b492f3ff84dca2b2&sentry_environment=production; 1
font-src 'self' data: 'unsafe-inline' data: *.gstatic.com *.bootstrapcdn.com *.cloudfront.net *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.doubleclick.net *.affirm.com *.stripe.com *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.cloudfront.net *.bing.com *.google.com *.pinterest.com *.facebook.com *.facebook.net *.amazonaws.com *.amazon-adsystem.com *.shareasale-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.cricut.com *.cloudfront.net *.googletagmanager.com *.slgnt.us *.stripe.com *.affirm.com *.zdassets.com *.facebook.com *.facebook.net *.crazyegg.com *.google.com *.bing.com *.pinimg.com *.windows.net *.doubleclick.net *.polyfill.io *.cloudflare.com *.googleapis.com *.jsdelivr.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cloudfront.net *.bootstrapcdn.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.slgnt.us *.affirm.com *.zdassets.com *.zendesk.com *.zopim.com *.pinterest.com *.doubleclick.net *.google-analytics.com *.facebook.com *.facebook.net *.crazyegg.com *.cloudfront.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: blob:; object-src https: blob:; report-uri https://csp-report.magicseaweed.com/api/csp-report/ 1
style-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' 'unsafe-inline' https://use.typekit.net; script-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' 'unsafe-inline' https://js-agent.newrelic.com https://www.google-analytics.com https://use.typekit.net https://bam.nr-data.net https://downloads.mailchimp.com https://s3.amazonaws.com/downloads.mailchimp.com *.list-manage.com; font-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' data: https://use.typekit.net https://themes.googleusercontent.com; default-src 'none'; form-action 'self' https://okfn.us9.list-manage.com; img-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' data: https://gravatar.com https://1.gravatar.com https://2.gravatar.com https://secure.gravatar.com https://p.typekit.net https://ping.typekit.net https://www.google-analytics.com; report-uri https://report-uri.io/report/3b3ae25e9e4ccf5f28ea8bef8e70fc63/reportOnly 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net 	 https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://tags.srv.stackadapt.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.stackadapt.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.youtube.com www.googleadservices.com www.google.com *.doubleclick.net cc.cdn.civiccomputing.com platform.twitter.com js-agent.newrelic.com connect.facebook.net bat.bing.com cdn.syndication.twimg.com content.totalwar.com www.googletagmanager.com bs.serving-sys.com player.twitch.tv; form-action  www.facebook.com platform.twitter.com syndication.twitter.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.totalwar.com fonts.gstatic.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: insight.adsrvr.org www.googletagmanager.com www.facebook.com syndication.twitter.com www.google.com www.youtube.com platform.twitter.com *.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.totalwar.com fonts.googleapis.com platform.twitter.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.facebook.com apikeys.civiccomputing.com bat.bing.com bam-cell.nr-data.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.creative-assembly.com media.giphy.com platform.twitter.com www.google.com syndication.twitter.com *.doubleclick.net content.totalwar.com bam-cell.nr-data.net alb.reddit.com bat.bing.com www.facebook.com abs.twimg.com www.google.co.uk www.googletagmanager.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.totalwar.com; report-uri /csp_report 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com *.bdstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.tool.lu *.baidu.com; img-src 'self' data: *.tool.lu *.href.lu *.baidu.com; media-src 'none'; child-src 'self' *.tool.lu; font-src *.tool.lu *.alicdn.com; connect-src 'self' *.tool.lu *.baidu.com *.alicdn.com; report-uri //a.tool.lu/csp 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk static.ads-twitter.com t.co www.brightedge.com *.everesttech.net *.everestjs.net cdn.cookielaw.org; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.adelphi.edu/_logger/csp.php?host=www.adelphi.edu 1
default-src 'none';upgrade-insecure-requests;style-src https: 'unsafe-inline';font-src https: data:;img-src https: data:;connect-src 'self' https://browser.pipe.aria.microsoft.com https://web.vortex.data.microsoft.com;frame-src https://login.windows-ppe.net https://login.live.com https://login.live-int.com;worker-src 'self' blob:;child-src 'self' blob:;report-uri /api/csp-report?page=Unauth&reportOnly=True;script-src 'nonce-fe0PXHBtwjA7sZCOVgyf7g==' 'unsafe-inline' 'unsafe-eval' https: 'strict-dynamic'; 1
frame-ancestors 'self'; frame-src 'self' *.debate.com.mx *.google.com *.google.com.mx *.twitter.com *.youtube.com *.vimeo.com *.facebook.com *.instagram.com *.ampproject.org *.doubleclick.net *.googleapis.com *.retargetly.com *.googlesyndication.com *.ampproject.net *.admanmedia.com *.vidible.tv *.cxense.com *.googletagmanager.com *.adnxs.com *.rubiconproject.com *.indexww.com *.openx.net *.doubleverify.com *.tiktok.com *.pubmatic.com *.adxyield.com *.facebook.net giphy.com *.memeate.com *.windy.com *.taboola.com *.liveleak.com *.pinterest.com *.hotjar.com *.teads.tv debates.cocinaycomparte.com *.spotify.com *.criteo.com ecdn.firstimpression.io *.forexprostools.com tenor.com ytkids.app.goo.g www.nytimes.com www.vlive.tv streamable.com *.seedtag.com battlefy.com *.imonomy.com *.lijit.com; report-uri https://debate.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.ampproject.org cineplex-cors.groupbycloud.com maps.googleapis.com tpc.googlesyndication.com iad-usadmm.dotomi.com connect.cineplex.com cdn.jsdelivr.net www.googletagservices.com sadmin.brightcove.com www.google.com *.doubleclick.net mediafiles.cineplex.com www.gstatic.com secure.adnxs.com as-sec.casalemedia.com unpkg.com www.google-analytics.com vjs.zencdn.net pagead2.googlesyndication.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: tr.snapchat.com dc.services.visualstudio.com *.doubleclick.net fonts.gstatic.com somni.cineplex.com pagead2.googlesyndication.com ct.pinterest.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.facebook.com s0.2mdn.net www.google.com tpc.googlesyndication.com players.brightcove.net www.youtube.com nym1-ib.adnxs.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: pre.glotgrx.com dmx.districtm.ca lh3.googleusercontent.com px.moatads.com tpc.googlesyndication.com www.google-analytics.com pagead2.googlesyndication.com mediafiles.cineplex.com iad-usadmm.dotomi.com cineplex.cpxstoreimages.com somni.cineplex.com metrics.brightcove.com www.googletagmanager.com f1.media.brightcove.com x.bidswitch.net www.google.com ct.pinterest.com *.moatpixel.com *.doubleclick.net maps.googleapis.com s0.2mdn.net; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: mediafiles.cineplex.com connect.cineplex.com prestage.cineplex.com cineplex.com fonts.googleapis.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: metrics.brightcove.com www.facebook.com 2c803341-0b16-4043-99c6-07cdb5677611-api.agilitycms.cloud www.googleadservices.com bcbolt446c5271-a.akamaihd.net dc.services.visualstudio.com analytics.tiktok.com redirector.gvt1.com www.google.com attestation.android.com search.cineplex.com manifest.prod.boltdns.net pagead2.googlesyndication.com tpc.googlesyndication.com iad-usadmm.dotomi.com dmx.districtm.io dpm.demdex.net apis.cineplex.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cineplex.com connect.cineplex.com fonts.gstatic.com cpx-next-gen-static.azureedge.net vjs.zencdn.net; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: redirector.gvt1.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; form-action  www.facebook.com www.cineplex.com; child-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com tpc.googlesyndication.com tr.snapchat.com; report-uri /csp_report 1
report-uri https://o38422.ingest.sentry.io/api/1381643/security/?sentry_key=035194ae1605493c99dd66c2a7b2ca98; default-src * data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
default-src 'self'; script-src cdn.report-uri.com api.stripe.com js.stripe.com 'nonce-MzkxNTIyMDk4OCwyMjUwMzYyNjU=' static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com; font-src 'self' cdn.report-uri.com; connect-src 'self' api.stripe.com; frame-ancestors *.cloudflareworkers.com *.cloudflare.com; form-action 'self' hooks.stripe.com; frame-src js.stripe.com; child-src js.stripe.com; report-uri https://scotthelme.report-uri.com/r/d/csp/reportOnly; report-to default 1
base-uri 'self';connect-src 'self' https://www.google-analytics.com https://*.googleapis.com https://api.rudderlabs.com https://hosted.rudderlabs.com https://rudderstack.taskade.cloud https://api.stripe.com https://checkout.stripe.com https://sentry.taskade.cloud wss: https://vimeo.com http://*.wistia.com https://*.wistia.com https://*.loom.com;default-src 'self';form-action 'self';media-src 'self' https://js.driftqa.com https://files.taskade.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.cloudflare.com https://js.driftt.com https://widget.drift.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://checkout.stripe.com https://js.stripe.com https://www.youtube.com https://player.vimeo.com;object-src 'none';img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://*.stripe.com https://files.taskade.com https://unpkg.com https://i.ytimg.com https://*.sndcdn.com https://i.vimeocdn.com http://embed.wistia.com https://*.wistia.com https://cdn.loom.com https://*.figma.com https://images.typeform.com https://*.whimsical.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;font-src 'self';frame-src https://js.driftt.com https://widget.drift.com https://checkout.stripe.com https://hooks.stripe.com https://js.stripe.com https://call.taskade.com https://*.youtube.com https://*.soundcloud.com https://player.vimeo.com https://*.loom.com https://*.figma.com https://*.invisionapp.com https://*.typeform.com https://*.whimsical.com;report-uri /webhooks/csp-report;report-to /webhooks/csp-report;frame-ancestors 'none' 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src sir.rediris.es www.rediris.es 'self' abs.twimg.com cdn.syndication.twimg.com pbs.twimg.com platform.twitter.com self syndication.twitter.com ton.twimg.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube-nocookie.com; connect-src www.google-analytics.com; form-action syndication.twitter.com platform.twitter.com; img-src 'self' www.rediris.es abs.twimg.com data: file ton.twimg.com pbs.twimg.com platform.twitter.com; script-src-elem 'self' www.google.com www.googletagmanager.com 'unsafe-inline' www.rediris.es cdn.syndication.twimg.com platform.twitter.com; script-src www.google.com www.gstatic.com 'unsafe-inline'; style-src-elem 'self' www.rediris.es platform.twitter.com ton.twimg.com; style-src 'self'; frame-src 'self' platform.twitter.com syndication.twitter.com www.youtube-nocookie.com; object-src 'self'; report-uri https://27ee058862b5cab81e8d2c18685f28d5.report-uri.com/r/d/csp/wizard 1
default-src 'self'; frame-ancestors 'self'; form-action 'self'; img-src 'self' img.youtube.com https:; object-src 'none'; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.net ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.net *.spreadshirt.net ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.net ; font-src 'self' https: data: *.spreadshirt.net ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.net ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.net ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://js.stripe.com/v3/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://assets.bwbx.io https://developer.apple.com https://images.ctfassets.net https://images.unsplash.com/ https://lh3.googleusercontent.com https://nftgimagebucket.s3-us-west-1.amazonaws.com https://pixel.nymag.com https://res.cloudinary.com https://media.niftygateway.com https://s3-us-west-1.amazonaws.com https://www.facebook.com/tr/ https://www.google-analytics.com/; connect-src https://api.niftygateway.com https://host-vdgrw7.api.swiftype.com https://notify.bugsnag.com https://sessions.bugsnag.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.google-analytics.com; font-src https://fonts.gstatic.com 'self'; object-src 'self'; media-src https://res.cloudinary.com/nifty-gateway/ https://media.niftygateway.com; frame-src https://vars.hotjar.com https://js.stripe.com/v3/; frame-ancestors 'self' 1
report-uri https://www.yelp.com/csp_report_only?id=3bb7181540d791bf&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1627693775; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.jp&source%5Bsection%5D=brochure&source%5Buuid%5D=dee87e5bdd010ffd1e264103d0ed16a2 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com https://script.hotjar.com/; object-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.facebook.com https://connect.facebook.net https://ct.pinterest.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://www.google-analytics.com https://*.facebook.net https://*.sascdn.com https://*.smartadserver.com https://*.addthis.com https://*.pinterest.com https://*.designconnected.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://www.linkedin.com https://*.addthisedge.com https://*.doubleclick.net https://www.googleadservices.com https://*.facebook.com https://*.adform.net https://code.createjs.com https://d31qbv1cthcecs.cloudfront.net https://assets.adsttc.com/insights/ https://s.pinimg.com/ct/ https://www.googleoptimize.com https://*.hotjar.com https://z.moatads.com https://cdn.pushalert.co; connect-src 'self' https://*.smartadserver.com https://*.addthis.com https://www.google-analytics.com https://*.doubleclick.net https://*.addthis.com https://www.facebook.com https://*.adform.net https://www.google.com https://www.instagram.com https://ct.pinterest.com https://*.hotjar.com https://*.hotjar.io https://architonic82.pushalert.co; img-src data: https://*; child-src https://www.facebook.com https://connect.facebook.net https://*.addthis.com https://www.designconnected.com https://www.googletagmanager.com https://www.google.com https://www.youtube-nocookie.com https://*.doubleclick.net https://assets.pinterest.com  https://*.smartadserver.com https://player.vimeo.com https://creatives.sascdn.com https://*.hotjar.com https://ct.pinterest.com; worker-src https://s.ads.smartadserver.com https://www.architonic.com; report-uri https://8bccfb85f92743dccb8ce984043b12e3.report-uri.com/r/d/csp/reportOnly 1
base-uri   'self'; child-src   'self'   blob: ; manifest-src   'self'; object-src   'self'; form-action   'self'; frame-src   microsites.raiffeisen.ch   video.service.raiffeisen.ch   activitymap.adobe.com   chat.aiaibot.com   authorize.omniture.com   sitecatalyst.omniture.com   cdn.tt.omtrdc.net   media10.simplex.tv   nubes.simplex.tv ; report-uri https://api.rreports.ch/svreport/v1/api/wwwrch/csp ; worker-src   'self'; 1
default-src 'none'; script-src 'self'; connect-src 'self' https://*.goguardian.com; img-src 'self' https://*.goguardian.com; style-src 'self'; report-uri https://casper.goguardian.com/csp-report 1
frame-ancestors 'self' http://stage01-osl4-prod.lovdata.c.bitbit.net:* http://smia.lovdata.no:8080/ 1
policy 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://*.hotjar.com https://*.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://polyfill.io https://*.polyfill.io https://code.jquery.com https://www.google-analytics.com https://*.liveperson.net https://*.lpsnmedia.net https://www.google.com https://www.googleadservices.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.fontawesome.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://*.googleapis.com; font-src 'self' https://*.hotjar.com https://*.typekit.net https://*.fontawesome.com  https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; connect-src 'self' https://surveystats.hotjar.io https://*.gmc-uk.org https://vc.hotjar.io https://*.hotjar.com https://*.doubleclick.net https://www.google-analytics.com; frame-src 'self' https://*.hotjar.com https://lpcdn.lpsnmedia.net https://www.youtube.com https://player.vimeo.com https://www.google.com https://*.doubleclick.net; img-src 'self' https://*.hotjar.com https://*.gmc-uk.org https://dequeuniversity.com https://*.google.com https://*.google.co.uk https://www.google-analytics.com https://*.doubleclick.net https://*.adnxs.com 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nr-data.net *.paypalobjects.com *.analytics-egain.com *.trustpilot.com *.newrelic.com *.kk-resources.com *.redditstatic.com *.chainreactioncycles.com *.google.com *.criteo.net *.melissadata.net *.mention-me.com *.bazaarvoice.com www.zenaps.com *.scene7.com the.sciencebehindecommerce.com *.adyen.com seal.digicert.com vars.hotjar.com *.hotjar.com *.criteo.com lantern.roeyecdn.com *.cloudfront.net *.bing.com tracker.marinsm.com *.facebook.net *.trustarc.com *.google-analytics.com www.googletagmanager.com *.scene7.com www.dwin1.com www.googleoptimize.com data:; style-src * 'unsafe-inline'; default-src *.melissadata.net *.sciencebehindecommerce.com *.truste.com *.chainreactioncycles.com *.facebook.com *.hotjar.com *.hotjar.io *.gstatic.com *.bing.com *.googleapis.com *.trustarc.com *.google-analytics.com *.cloudfront.net *.googleoptimize.com; img-src * data:; object-src 'none'; connect-src * ; frame-src * data:; script-src-elem 'unsafe-inline' *.chainreactioncycles.com *.digicert.com *.criteo.com *.google.com *.kk-resources.com www.redditstatic.com analytics.analytics-egain.com js-agent.newrelic.com widget.trustpilot.com bam.nr-data.net www.paypalobjects.com www.googleoptimize.com lantern.roeyecdn.com www.googleadservices.com media.chainreactioncycles.com tracker.marinsm.com *.adyen.com sslwidget.criteo.com *.bazaarvoice.com *.hotjar.com *.googletagmanager.com bat.bing.com www.zenaps.com *.cloudfront.net static.criteo.net *.google-analytics.com www.dwin1.com *.mention-me.com *.facebook.net *.trustarc.com the.sciencebehindecommerce.com *.scene7.com mpsnare.iesnare.com seal.digicert.com9 data:; style-src-elem * 'unsafe-inline'; font-src * data: ; media-src * data:; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-uri /csp-report.jsp; 1
default-src https: data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.dba.dk/api/csplogger/mixedcontent/dba 1
report-uri /report-violation; form-action 'self' https://*.formlabs.com https://*.marketo.com https://www.facebook.com/tr/; base-uri 'self'; object-src https://formlabs.com https://*.formlabs.com http://localhost:3001; frame-ancestors https://partneruniversity-formlabs.talentlms.com https://university-formlabs.talentlms.com https://internal-formlabs.talentlms.com https://formlabs.com https://*.formlabs.com https://dental.formlabs.com https://careers.formlabs.com http://localhost:3000; upgrade-insecure-requests 1
script-src 'nonce-cEeBPxfNxDSDK5HG6RmKEA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.2o7.net l.evidon.com bat.bing.com dpm.demdex.net cm.everesttech.net c.evidon.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: incommholdings.demdex.net; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: dpm.demdex.net *.omtrdc.net bat.bing.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: assets.adobedtm.com bat.bing.com c.evidon.com; child-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: incommholdings.demdex.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com ; form-action 'none' data: blob: ; report-uri /csp_report 1
frame-ancestors 'self'; report-uri https://ordermygear.report-uri.com/r/t/csp/wizard 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://pp.ephapay.net/ https://pp.eshapay.net/ https://scripts.agilone.com/ https://widget.trustpilot.com/ https://edigitalsurvey.com/ https://static.addtoany.com/ https://c.paypal.com/ https://www.paypal.com https://www.paypalobjects.com/ https://www.sandbox.paypal.com/ https://www.zenaps.com/ https://www.youtube.com/ https://*.doubleclick.net/ https://gum.criteo.com/ https://www.facebook.com/ https://*.hotjar.com/ https://s.salecycle.com https://www.googletagmanager.com/ https://www.google.com https://*.customizer.cadesignform.dk/ https://static.criteo.net/ https://www.youtube-nocookie.com/ https://d16fk4ms6rqz1v.cloudfront.net/ https://*.arcot.com/ https://www.securesuite.co.uk/ https://www.clicksafe.lloydstsb.com/ https://secure.barclaycard.co.uk https://*.photorank.me/; report-uri https://csp-violations.external.wickes.co.uk 1
media-src; script-src starex-assets.fra1.cdn.digitaloceanspaces.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com cdn.jsdelivr.net 'nonce-6m+zSzx4R46atTl8BwqvZA=='; prefetch-src; default-src 'self'; frame-src paytr.com https://www.google.com https://www.youtube.com; navigate-to 'self'; upgrade-insecure-requests; worker-src 'self'; manifest-src starex-assets.fra1.cdn.digitaloceanspaces.com; font-src data: starex-assets.fra1.cdn.digitaloceanspaces.com; base-uri; connect-src 'self' https://www.google-analytics.com; child-src; frame-ancestors; img-src starex-assets.fra1.cdn.digitaloceanspaces.com www.googletagmanager.com www.google.com www.google.az https://www.google-analytics.com https://www.facebook.com; form-action 'self'; style-src 'unsafe-inline' starex-assets.fra1.cdn.digitaloceanspaces.com; object-src; report-uri /csp-report/ 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.blikk.hu::PROD_1_8_0 1
script-src 'nonce-hD9E2hmRmS5FsjOjMV0LdA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
child-src 'self'; connect-src 'self' data: http://*.eyeka.com http://*.google-analytics.com http://*.google.com https://*.adnxs.com https://*.cedexis.com https://*.eyeka.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.kameleoon.com https://*.pusher.com https://slaask.com; default-src 'self' data:; font-src 'self' data: http://*.eyeka.com https://*.embedly.com https://*.eyeka.com https://*.gstatic.com https://*.slaask.com; frame-src 'self' data: http://*.google.com http://*.youtube.com https://*.embedly.com https://*.facebook.com https://*.g.doubleclick.net https://*.google.com https://*.kameleoon.com https://*.kameleoon.eu https://*.uservoice.com https://*.youtube.com; img-src 'self' data: http://*.eyeka.com http://*.google-analytics.com http://*.google.com http://*.s3.amazonaws.com http://*.youtube.com https://*.adnxs.com https://*.ads.linkedin.com https://*.amazonaws.com https://*.cdnetworks.net https://*.eyeka.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.am https://*.google.at https://*.google.be https://*.google.bg https://*.google.bj https://*.google.by https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.cm https://*.google.co.ao https://*.google.co.cr https://*.google.co.id https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.br https://*.google.com.co https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.lb https://*.google.com.mx https://*.google.com.my https://*.google.com.ng https://*.google.com.np https://*.google.com.pa https://*.google.com.pe https://*.google.com.ph https://*.google.com.pk https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.vn https://*.google.cz https://*.google.de https://*.google.dk https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.it https://*.google.kg https://*.google.kz https://*.google.lu https://*.google.me https://*.google.mu https://*.google.ne https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.sc https://*.google.se https://*.google.sn https://*.google.tn https://*.googleapis.com https://*.gravatar.com https://*.gstatic.com https://*.kameleoon.com https://*.licdn.com https://*.linkedin.com https://*.s3.amazonaws.com https://*.slaask.com https://*.twitter.com https://*.uservoice.com https://*.youtube.com https://t.co; manifest-src 'self'; media-src 'self' http://*.eyeka.com http://*.google.com http://*.s3.amazonaws.com https://*.amazonaws.com https://*.eyeka.com https://*.google.com https://*.gstatic.com https://*.s3.amazonaws.com https://*.slaask.com; object-src 'self' data: http://*.eyeka.com https://*.eyeka.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.eyeka.com http://*.google-analytics.com http://*.google.com https://*.adnxs.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.cedexis.com https://*.embedly.com https://*.eyeka.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.id https://*.google.com https://*.google.fr https://*.google.ru https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.kameleoon.com https://*.licdn.com https://*.linkedin.com https://*.mouseflow.com https://*.mxpnl.com https://*.newrelic.com https://*.nr-data.net https://*.pusher.com https://*.slaask.com https://*.twitter.com https://*.uservoice.com https://twitter.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: http://*.eyeka.com https://*.embedly.com https://*.eyeka.com https://*.googleapis.com https://*.slaask.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_5839e7e0b36b4ff3bd538670ea663265 1
default-src 'self' data: https:;style-src 'self' 'unsafe-inline';script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;frame-src 'self' https://www.google.com/recaptcha/;report-uri /api/report/log;report-to csp-endpoint 1
default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data: image/*; frame-ancestors 'self' *.sunrise.ch; frame-src https:; connect-src https: wss: data:; font-src https: data:; media-src 'self' https:; report-uri https://www.sunrise.ch/csp-collector; upgrade-insecure-requests 1
default-src https://*.hawkhost.com:443 data: 'unsafe-inline'; script-src 'self' ajax.cloudflare.com ajax.cloudflare.com static.cloudflareinsights.com https://*.google-analytics.com https://www.googletagmanager.com https://*.livechatinc.com https://*.hawkhost.com https://www.google.com https://www.gstatic.com 'unsafe-inline'; connect-src https://*.doubleclick.net https://*.livechatinc.com https://*.google-analytics.com; frame-src https://*.doubleclick.net https://*.google.com https://*.livechatinc.com; media-src https://*.hawkhost.com:443 https://*.livechatinc.com; img-src https://*.hawkhost.com https://*.livechatinc.com https://*.google.com https://*.google-analytics.com; script-src-elem https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.hawkhost.com https://*.livechatinc.com 'unsafe-inline' 1
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.linkedin.com www.google.co.za analytics.google.com cx.atdmt.com digital.discsrv.co.za www.facebook.com www.google-analytics.com t.co www.google.nl maps.gstatic.com fonts.gstatic.com www.google.com cdn-ukwest.onetrust.com maps.googleapis.com www.google.ie www.googletagmanager.com www.discovery.co.za p.adsymptotic.com *.doubleclick.net analytics.tiktok.com www.google.co.uk www.youtube.com d1vqahcsakjpkp.cloudfront.net api.feefo.com connect.facebook.net px.ads.linkedin.com www.google.fi; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.youtube.com vars.hotjar.com www.facebook.com www.googletagmanager.com d16pi0tqkfzkv3.cloudfront.net maps.google.co.za universal.iperceptions.com www.google.com www.discovery.co.za; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.googleapis.com cdnjs.cloudflare.com www.discovery.co.za; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.discovery.co.za cdnjs.cloudflare.com fonts.gstatic.com static3.avast.com fonts.googleapis.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net collect.feefo.com p.adsymptotic.com www.google-analytics.com analytics.google.com static.ads-twitter.com api.feefo.com www.google.ie in.hotjar.com privacyportal-uk.onetrust.com vc.hotjar.io www.google.co.za connect.facebook.net www.google.fi snap.licdn.com maps.googleapis.com www.facebook.com analytics.tiktok.com px.ads.linkedin.com api.iperceptions.com fonts.googleapis.com www.google.co.uk www.google.com www.google.nl www.discovery.co.za s.yimg.com maps.gstatic.com www.googletagmanager.com analytics.twitter.com cdn.ampproject.org adservice.google.com t.co cdn-ukwest.onetrust.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: d16pi0tqkfzkv3.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: 20584727p.rfihub.com analytics.twitter.com snap.licdn.com s.yimg.com www.google-analytics.com geolocation.onetrust.com static.ads-twitter.com www.googletagmanager.com register.feefo.com www.youtube.com analytics.tiktok.com cdn-ukwest.onetrust.com cdn.ampproject.org www.google.com localhost:8000 www.googleadservices.com maps.googleapis.com script.hotjar.com *.doubleclick.net www.google.co.za connect.facebook.net api.feefo.com static.hotjar.com universal.iperceptions.com; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.discovery.co.za; form-action  www.discovery.co.za www.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: d16pi0tqkfzkv3.cloudfront.net; report-uri /csp_report 1
connect-src *.litix.io *.pusher.com 729-jty-427.mktoresp.com 729-jty-427.mktoutil.com api.bench.co api.segment.io bat.bing.com bench.co boards-api.greenhouse.io cdn.contentful.com cdn.getambassador.com content.proof-x.com data.cdnbasket.net distillery.wistia.com embed.wistia.com embedwistia-a.akamaihd.net https://*.hotjar.com https://heapanalytics.com ids.cdnwidget.com page.cdnbasket.net pipedream.wistia.com pro.ip-api.com requests.getambassador.com stats.g.doubleclick.net vc.hotjar.io view.cdnbasket.net ws://ws.pusherapp.com wss://*.hotjar.com wss://ws.pusherapp.com www.facebook.com www.google-analytics.com www.google.com; font-src bench-assets.imgix.net data: fonts.gstatic.com https://heapanalytics.com script.hotjar.com; frame-src app-ab17.marketo.com bid.g.doubleclick.net boards.greenhouse.io js.driftt.com vars.hotjar.com www.facebook.com www.youtube.com; img-src 'self' * alb.reddit.com app-ab17.marketo.com bat.bing.com bench-assets.imgix.net cx.atdmt.com data: e.cdnwidget.com embed.wistia.com fast.wistia.com hi.hellobar.com https://heapanalytics.com i.ytimg.com images.ctfassets.net s3.amazonaws.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.googletagmanager.com; media-src blob: embed.wistia.com embedwistia-a.akamaihd.net; report-uri https://api.bench.co/api/v1/cspreport.json; script-src 'self' 'unsafe-eval' 'unsafe-inline' app-ab17.marketo.com bat.bing.com boards.greenhouse.io cdn.getambassador.com cdn.proof-x.com cdn.segment.com connect.facebook.net fast.wistia.com googleads.g.doubleclick.net https://cdn.heapanalytics.com https://heapanalytics.com js.driftt.com mbsy.co munchkin.marketo.net my.hellobar.com pixel.cdnwidget.com script.hotjar.com static.hotjar.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com; style-src 'unsafe-inline' app-ab17.marketo.com bench.co fonts.googleapis.com https://heapanalytics.com; worker-src blob: 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cordialdev.com *.cordial.com *.yotpo.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cordialdev.com *.cordial.com *.cordial.io cdn.dnky.co webchat.dotdigital.com *.yotpo.com https://d.news.rockler.com https://www.google.com https://www.youtube.com https://bid.g.doubleclick.net https://gum.criteo.com https://www.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com https://www.rockler.com https://hello.zonos.com https://www.adelixir.com https://www.lightboxcdn.com https://static-na.payments-amazon.com https://d2ldlvi1yef00y.cloudfront.net https://rockler.com https://wac.edgecastcdn.net https://www.googletagmanager.com https://d3cgm8py10hi0z.cloudfront.net https://rn129l.a.searchspring.io https://www.google.com https://ct.pinterest.com https://bat.bing.com https://www.facebook.com https://www.turnto.com https://storemapper-herokuapp-com.global.ssl.fastly.net https://maps.gstatic.com https://go.rockler.com https://maps.googleapis.com 'self' data:;' https://dis.criteo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.cordialdev.com *.cordial.com track.cordial.io r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://cdn.searchspring.net *.yotpo.com https://www.googleoptimize.com https://hello.zonos.com https://js-agent.newrelic.com https://www.googletagmanager.com https://d.news.rockler.com https://www.googlecommerce.com https://www.google.com https://apis.google.com https://www.lightboxcdn.com https://www.gstatic.com https://lightboxapi.azurewebsites.net https://bam-cell.nr-data.net https://www.adelixir.com https://cdn.iglobalstores.com https://widgets.turnto.com https://cdn-ws.turnto.com https://bat.bing.com https://s.pinimg.com https://connect.facebook.net https://rum.layer0.co https://googleads.g.doubleclick.net https://static.criteo.net https://sslwidget.criteo.com https://www.storemapper.co https://storemapper-herokuapp-com.global.ssl.fastly.net https://maps.googleapis.com https://static.www.turnto.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com https://cdn.searchspring.net https://www.lightboxcdn.com https://widgets.turnto.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.cordialdev.com *.cordial.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.yotpo.com https://hello.zonos.com https://track.cordial.io https://bam-cell.nr-data.net https://www.google-analytics.com https://rn129l.a.searchspring.io https://cdn-ws.turnto.com https://we.turnto.com https://beacon.searchspring.io https://stats.g.doubleclick.net https://ct.pinterest.com https://rum.ingress.layer0.co https://d.news.rockler.com https://www.paypal.com https://js.authorize.net https://api.keen.io https://ws.turnto.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://pal-test.adyen.com https://pal-live.adyen.com https://test.adyen.com https://live.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com https://consentcdn.cookiebot.com https://www.facebook.com https://www.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://pal-live.adyen.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://maps.gstatic.com https://www.google.com https://www.google.it 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com https://checkoutshopper-live.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co api.comapi.com webchat.dotdigital.com maps.googleapis.com https://www.googletagmanager.com *.google.com https://cdn.mouseflow.com https://www.gstatic.com https://apis.google.com http://connect.facebook.net https://connect.facebook.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://chimpstatic.com https://www.mczbf.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com https://www.gstatic.com *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.comapi.com webchat.dotdigital.com https://www.facebook.com https://www.google-analytics.com https://bam.nr-data.net https://www.mczbf.com https://stats.g.doubleclick.net https://checkoutshopper.adyen.com https://checkoutshopper-test.adyen.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://spy.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sportico.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self' *.salesforce.com; report-uri https://sentry.io/api/2704353/security/?sentry_key=81bd7f20e40c44acba15bc87de66fecf 1
default-src https:; script-src https: 'self' 'unsafe-eval' 'unsafe-inline'; object-src none; style-src 'unsafe-inline' 'self' https:; report-uri https://www2.medline.com/cspreport.html 1
script-src 'self' *.edpuzzle.com 'unsafe-inline' 'unsafe-eval' latex.codecogs.com service.mtcaptcha.com service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.ytimg.com *.soundcloud.com *.zendesk.com cdnjs.cloudflare.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com; style-src 'self' *.edpuzzle.com 'unsafe-inline' maxcdn.bootstrapcdn.com latex.codecogs.com d1htrclywvryi1.cloudfront.net fonts.googleapis.com; report-uri /api/v3/violations/csp 1
default-src 'unsafe-inline' 'unsafe-eval' https: blob: data:; object-src 'self'; base-uri 'self'; form-action 'self' https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 'unsafe-inline'; report-uri /csp-report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.dirt.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; form-action https:; report-uri https://arlingtonva.report-uri.io/r/default/csp/reportOnly; 1
default-src 'self' https://*.moengage.com https://www.google-analytics.com 'unsafe-inline' https://olaelectric.com https://olaelectric-videos.azureedge.net https://connect.facebook.net https://static.ads-twitter.com https://www.google-analytics.com https://analytics.twitter.com;base-uri 'self';block-all-mixed-content;frame-src https://www.google.com 'self' https://cdn.moengage.com;frame-ancestors 'self';font-src 'self' https://olaelectric.com https: data:;img-src 'self' https://flashblob.azureedge.net data: https://olaelectric.com https://olaelectric-videos.azureedge.net https://oemrebookingblb.blob.core.windows.net https://www.facebook.com https://t.co;object-src 'none';script-src 'self' 'unsafe-inline' https://cdn.moengage.com https://*.moengage.com http://www.googletagmanager.com http://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://connect.facebook.net https://static.ads-twitter.com https://www.google-analytics.com https://analytics.twitter.com https://olaelectric.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline' https://olaelectric.com blob:;upgrade-insecure-requests;report-uri https://olaelectric.com/report-csp-violation 1
default-src 'self' *.nykaafashion.com; img-src data: blob: *.nykaa.com *.nykaafashion.com www.facebook.com www.google-analytics.com www.google.com www.google.co.in ct.pinterest.com googleads.g.doubleclick.net fsnecommerce.sc.omtrdc.net www.googletagmanager.com adservice.google.com *.netcoresmartech.com d2z6mnjt6dr4j3.cloudfront.net www.gstatic.com googleads.g.doubleclick.net www.google.ae www.google.ca www.google.co.uk www.google.com.sg www.google.com.au pagead2.googlesyndication.com www.google.com.kw www.google.com.sa www.google.lk; script-src 'unsafe-inline' 'unsafe-eval' *.nykaafashion.com assets.adobedtm.com www.googleadservices.com www.gstatic.com www.googletagmanager.com *.netcoresmartech.com *.verloop.io www.google-analytics.com googleads.g.doubleclick.net cdn-sdk.hansel.io *.googlesyndication.com connect.facebook.net www.google.com www.google.co.in unpkg.com; style-src 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.g.doubleclick.net cdn-sdk.hansel.io cdn-ops.verloop.io; font-src data: *.nykaafashion.com fonts.gstatic.com cdn-sdk.hansel.io; connect-src data: 'self' *.nykaafashion.com *.nykaa.com *.googleapis.com *.netcoresmartech.com www.google-analytics.com stats.g.doubleclick.net dpm.demdex.net fsnecommerce.sc.omtrdc.net sdk.hansel.io ujm.hansel.io www.google.com d2z6mnjt6dr4j3.cloudfront.net *.verloop.io adservice.google.com; frame-src 'self' *.fls.doubleclick.net *.verloop.io bid.g.doubleclick.net tpc.googlesyndication.com; worker-src blob: *.nykaafashion.com; child-src blob: *.nykaafashion.com; manifest-src *.nykaafashion.com; media-src blob: *.nykaafashion.com d2z6mnjt6dr4j3.cloudfront.net *.verloop.io;report-uri https://prod-sentry.nykaa.com/api/65/security/?sentry_key=b8cc49e2fe384f27aaebbf371d8be21f 1
report-uri https://www.yelp.com/csp_report_only?id=5690a06f190f82fa&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1627705771; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.ampproject.org tpc.googlesyndication.com links.services.disqus.com www.higheredjobs.com csi.gstatic.com adservice.google.com *.doubleclick.net s7.addthis.com m.addthis.com www.google-analytics.com pagead2.googlesyndication.com api-public.addthis.com attestation.android.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googlesyndication.com www.google.com s7.addthis.com tpc.googlesyndication.com disqus.com; prefetch-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googlesyndication.com c.disquscdn.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.googleapis.com testserver.higheredjobs.com c.disquscdn.com; form-action  www.higheredjobs.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: c.disquscdn.com *.googlesyndication.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com px4.ads.linkedin.com csi.gstatic.com dc.ads.linkedin.com www.google-analytics.com p.adsymptotic.com tpc.googlesyndication.com c.disquscdn.com www.higheredjobs.com cdn.viglink.com testserver.higheredjobs.com links.services.disqus.com analytics.click2apply.net *.doubleclick.net maps.google.com www.jobelephant.com www.linkedin.com maps.googleapis.com m.addthis.com px.ads.linkedin.com www.google.com maps.gstatic.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.higheredjobs.com testserver.higheredjobs.com fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com www.google.com pagead2.googlesyndication.com hejarticles.disqus.com maps.google.com m.addthis.com *.doubleclick.net c.disquscdn.com links.services.disqus.com www.googletagservices.com z.moatads.com v1.addthisedge.com api-public.addthis.com cdn.ampproject.org maps.googleapis.com www.gstatic.com testserver.higheredjobs.com adservice.google.com tpc.googlesyndication.com www.googletagmanager.com snap.licdn.com s7.addthis.com; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.higheredjobs.com; report-uri /csp_report 1
default-src 'self' *.acadiau.ca; img-src 'self' *.acadiau.ca *.index.digital *.sitescout.com *.gstatic.com *.bc0a.com *.twimg.com *.facebook.com *.twitter.com *.google.ca *.google.com www.google-analytics.com wl-pixel.index.digital pixel.sitescout.com s3.amazonaws.com *.b0e8.com; font-src 'self' *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com; style-src 'self' *.bootstrapcdn.com *.fontawesome.com *.twimg.com *.twitter.com *.googleapis.com widget.alongside.com 'unsafe-inline'; script-src 'self' *.acadiau.ca *.google.com *.googleapis.com acuityplatform.com *.jquery.com *.bootstrapcdn.com *.facebook.net *.google-analytics.com *.technolutions.net *.twitter.com *.twimg.com widget.alongside.com *.instagram.com *.cloudflare.com e.issuu.com *.pixel.ad *.hotjar.com *.bc0a.com *.b0e8.com theta360.com 'unsafe-inline'; connect-src 'self' *.hotjar.com *.doubleclick.net www.google-analytics.com *.doubleclick.com *.sitescout.com *.doubleclick.n; frame-src 'self' *.hotjar.com *.youtube.com *.vimeo.com *.twitter.com *.issuu.com *.facebook.com *.instagram.com *.sitescout.com theta360.com; frame-ancestors 'self'; 1
script-src 'self' https://cloud.typography.com/7315076/7256812/css/fonts.css; object-src 'none'; report-uri /report-csp-violation 1
frame-ancestors 'self'; report-uri https://o454972.ingest.sentry.io/api/5464239/csp-report/?sentry_key=1eb41851e6a44bd39f12e47f6de24633 1
default-src 'self'; base-uri 'self'; object-src 'none'; upgrade-insecure-requests; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://geo.geo-svc.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://geo.geo-svc.com https://www.google-analytics.com/analytics.js https://ssl.google-analytics.com https://api.bing.com https://www.google.com *.homepage-web.com; img-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline'; Form-action 'self'; Frame-ancestors 'none'; worker-src 'none'; report-uri https://csp.d47wgg8.com 1
object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; report-uri https://uship.report-uri.com/r/t/csp/reportOnly; report-to csp 1
default-src 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.bing.com *.fullstory.com *.pinterest.com *.facebook.com *.criteo.com *.google.com px-client.net pxchk.net *.px-cloud.net https: data: blob: 'self'; script-src *.xg4ken.com *.googleadservices.com googleads.g.doubleclick.net *.moosejaw.com *.lpsnmedia.net *.twitter.com *.criteo.com *.fullstory.com *.liveperson.net *.googlecommerce.com *.facebook.net *.impactradius-event.com *.google.com d3v27wwd40f0xu.cloudfront.net *.rejoiner.com *.bing.com *.signifyd.com fullstory.com *.pinimg.com *.ads-twitter.com *.murdoog.com *.criteo.net *.google-analytics.com *.googletagmanager.com *.monetate.net *.coremetrics.com *.yottaa.net *.attn.tv *.postcodeanywhere.co.uk *.affirm.com 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.agilone.com *.agkn.com *.online-metrix.net *.visa.com *.pcapredict.com d3m83gvgzupli.cloudfront.net *.verisign.com *.getsidecar.com *.truefitcorp.com *.youtube.com *.bazaarvoice.com *.googleapis.com rpxnow.com d29usylhdk1xyu.cloudfront.net *.iesnare.com *.perimeterx.net *.px-cdn.net *.jquery.com *.instagram.com woobox.com d3eaqalnfsy4sn.cloudfront.net *.mastercard.com *.aexp-static.com; object-src 'none'; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=g3UgcLo4h3Ycdg 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com code.jquery.com ajax.googleapis.com bat.bing.com www.myhermes.co.uk widgets.trustedshops.com content.webcollage.net static.hotjar.com x.klarnacdn.net www.googleadservices.com www.usemaxserver.de apps.bazaarvoice.com snippets.freshchat.com euc-widget.freshworks.com display.ugc.bazaarvoice.com www.youtube.com www.gstatic.com www.googletagmanager.com h.online-metrix.net api.geetest.com www.google-analytics.com prod.flixgvid.flix360.io maps.googleapis.com connect.facebook.net www.recaptcha.net network-eu.bazaarvoice.com wchat.freshchat.com analytics-static.ugc.bazaarvoice.com webapp.woosmap.com content.syndigo.com static.geetest.com www.google.com script.hotjar.com scontent.webcollage.net media.flixcar.com api.bazaarvoice.com syndi.webcollage.net sdk.woosmap.com media.flixfacts.com image.smythstoys.com cart.circulator.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: h.online-metrix.net klarna-payments-eu.klarna.com js.klarna.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com 396468268852172.eu.webpush.freshchat.com www.usemaxserver.de media.flixcar.com www.smythstoys.com klarna-payments-eu.klarna.com www.googletagmanager.com display.ugc.bazaarvoice.com www.recaptcha.net www.facebook.com wchat.eu.freshchat.com www.youtube.com vars.hotjar.com www.youtube-nocookie.com h.online-metrix.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: widgets.trustedshops.com bat.bing.com eu.klarnaevt.com cdnjs.cloudflare.com www.facebook.com www.google-analytics.com media.flixcar.com smyths-ce.circulator.com image.smythstoys.com media.flixfacts.com display.ugc.bazaarvoice.com www.googletagmanager.com smedia.webcollage.net webapp.woosmap.com static.geetest.com www.google.com content.syndigo.com fonts.gstatic.com www.google.ch maps.gstatic.com media3.webcollage.net www.gstatic.com images.woosmap.com *.online-metrix.net event.webcollage.net www.google.co.uk *.googleapis.com network-eu.bazaarvoice.com www.smythstoys.com network-eu-a.bazaarvoice.com www.google.at www.google.vg www.myhermes.co.uk photos-eu.bazaarvoice.com rel.webcollage.net h.online-metrix.net event.syndigo.cloud www.google.ie smyths.circulator.com scontent.webcollage.net *.doubleclick.net maps.googleapis.com connect.facebook.net www.google.de; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: media.flixfacts.com wchat.freshchat.com snippets.freshchat.com www.smythstoys.com media.flixcar.com display.ugc.bazaarvoice.com euc-widget.freshworks.com cdnjs.cloudflare.com static.geetest.com scontent.webcollage.net; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: smedia.webcollage.net in.hotjar.com www.facebook.com shops-si.trustedshops.com apps.bazaarvoice.com content.syndigo.com *.doubleclick.net www.google.com trustbadge.api.etrusted.com eu.klarnaevt.com media3.webcollage.net bat.bing.com adservice.google.com euc-widget.freshworks.com media.flixcar.com network-eu.bazaarvoice.com www.smythstoys.com api.trustedshops.com www.google-analytics.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com media.flixfacts.com scontent.webcollage.net www.smythstoys.com media.flixcar.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.syndigo.com media3.webcollage.net image.smythstoys.com smedia.webcollage.net; form-action  www.facebook.com secureacceptance.cybersource.com www.smythstoys.com; report-uri /csp_report 1
frame-ancestors 'self' http://*.oriflame.com https://*.oriflame.com http://*.online.ori https://*.online.ori http://*.ori.local https://*.ori.local http://*.oriflame.cc https://*.oriflame.cc http://*.oriflame.ru https://*.oriflame.ru http://*.oriflame.cn https://*.oriflame.cn; report-uri /CspReport?policyRequestId=fe0985b22b61d14e 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; report-uri https://usercontent.mobileread.org/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ytimg.com *.vimeo.com www.youtube.com www.google.com www.google.no assets.adobedtm.com sparebank1.d3.sc.omtrdc.net *.cicero.no *.sparebank1.no *.googletagmanager.com cdn.tt.omtrdc.net; style-src 'self' 'unsafe-inline' *.sparebank1.no www.youtube.com services.cicero.no translate.googleapis.com; img-src 'self' *.ytimg.com secure.adnxs.com track.adform.net *.doubleclick.net assets.adobedtm.com sparebank1.d3.sc.omtrdc.net alliansesamarbeidets.tt.omtrdc.net cm.everesttech.net www.facebook.com *.sparebank1.no *.boost.ai www.google.no www.google.com *.demdex.net resources.mynewsdesk.com www.googletagmanager.com www.gstatic.com data:; connect-src 'self' *.cicero.no *.demdex.net *.omtrdc.net *.brreg.no *.sparebank1.no www.mynewsdesk.com publish.ne.cision.com translate.googleapis.com edge.adobedc.net; font-src 'self' *.sparebank1.no resources.mynewsdesk.com services.cicero.no data:; media-src 'self'; frame-ancestors 'self'; frame-src 'self' www.sr-finans.no *.sparebank1.no lt.morningstar.com www.youtube.com *.vimeo.com assets.adobedtm.com *.demdex.net sparebank1.demdex.net www.sign.nets.eu ir.asp.manamind.com www.sb1finans.no www.snnfinans.no dbsnn.no www.googletagmanager.com *.doubleclick.net www.ident.nets.eu www.sb1fo.no www.webcruiter.no *.easycruit.com; report-uri /bin/logservlet 1
connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: public-auth-dot-lucky-orange.appspot-preview.com bat.bing.com api.bazaarvoice.com www.facebook.com adservice.google.com *.doubleclick.net s7.addthis.com m.addthis.com apps.bazaarvoice.com www.google-analytics.com www.google.com app.omniconvert.com bam-cell.nr-data.net pubsub.googleapis.com settings.luckyorange.net network.bazaarvoice.com ct.pinterest.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.youtube.com www.google.com s7.addthis.com www.recaptcha.net www.googletagmanager.com match.adsrvr.org *.doubleclick.net hosted.where2getit.com www.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com insight.adsrvr.org; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: d10lpsik1i8c69.cloudfront.net maxcdn.bootstrapcdn.com fonts.googleapis.com display.ugc.bazaarvoice.com cdn.pricespider.com; form-action  www.deltafaucet.com ct.pinterest.com www.facebook.com api.bazaarvoice.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: media.deltafaucet.com d10lpsik1i8c69.cloudfront.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com network.bazaarvoice.com px.steelhousemedia.com www.pinterest.com www.google-analytics.com dpm.demdex.net *.doubleclick.net s3.amazonaws.com www.google.co.in cdn-x.omniconvert.com www.google.ca connect.facebook.net bam-cell.nr-data.net m.addthis.com display.ugc.bazaarvoice.com t.co www.facebook.com media.deltafaucet.com embeddedcloud.pricespider.com goo.gl insight.adsrvr.org photos-us.bazaarvoice.com wwwassets.pricespider.com d10lpsik1i8c69.cloudfront.net match.adsrvr.org nova.collect.igodigital.com www.googleadservices.com www.google.tt www.google.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: p.cquotient.com px.steelhousemedia.com cdn.cquotient.com www.google-analytics.com s.pinimg.com static.ads-twitter.com js.adsrvr.org dx.steelhousemedia.com analytics-static.ugc.bazaarvoice.com www.youtube.com www.google.ca *.doubleclick.net network.bazaarvoice.com d10lpsik1i8c69.cloudfront.net 514007238.collect.igodigital.com e.cquotient.com www.gstatic.com bimsmith.com cdn.pricespider.com www.googletagmanager.com display.ugc.bazaarvoice.com analytics.twitter.com ws.rightonin.com www.google.com www.googleadservices.com bam-cell.nr-data.net ww.steelhousemedia.com locate.pricespider.com apps.bazaarvoice.com m.addthis.com cdn.omniconvert.com bat.bing.com connect.facebook.net code.jquery.com z.moatads.com v1.addthisedge.com js-agent.newrelic.com s3.amazonaws.com api.bazaarvoice.com www.recaptcha.net ajax.googleapis.com s7.addthis.com; report-uri /csp_report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.redhat.com assets.adobedtm.com *.demandbase.com *.eloqua.com redhat.sc.omtrdc.net *.demdex.net fonts.googleapis.com fonts.gstatic.com www.youtube.com 10727170.fls.doubleclick.net px.ads.linkedin.com t.co p.adsymptotic.com www.facebook.com www.google.com api.company-target.com snap.licdn.com platform.twitter.com static.ads-twitter.com connect.facebook.net googletagmanager.com googleadservices.com redhat.tt.omtrdc.net *.hotjar.com *.enterprisersproject.com *.newrelic.com img.en25.com *.twitter.com *.googletagmanager.com *.googleusercontent.com *.doubleclick.net bam-cell.nr-data.net data:; frame-ancestors 'self' http://redhat.lookbookhq.com https://redhat.lookbookhq.com https://www.youtube.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src *.bellroy.com 'self' https: data:; base-uri 'self'; connect-src *.bellroy.com https: wss: www.google.com api.tangiblee.com; font-src *.bellroy.com 'self' data: https: themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com; frame-src *.bellroy.com 'self' https: data: ms-appx-web: www.facebook.com; img-src *.bellroy.com https: data: blob: android-webview-video-poster:; media-src *.bellroy.com https: data: blob:; script-src *.bellroy.com 'self' https: 'unsafe-inline' 'unsafe-eval' data: opera: google.com *.visa.com d1fc8wv8zag5ca.cloudfront.net; style-src *.bellroy.com https: 'unsafe-inline' data:; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp_reports 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://wwggsujy3yobtlvav9zj6w8w.httpschecker.net/report 1
img-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.cdninstagram.com *.gravatar.com www.facebook.com static.lulu.com www.gstatic.com ssl.gstatic.com www.google.com www.googleapis.com clients1.google.com i.ytimg.com *.vimeocdn.com www.paypal.com placekitten.com http://dummyimage.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-eval' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.googleapis.com www.gstatic.com www.google.com cse.google.com *.facebook.net api.instagram.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net 'nonce-bE3j49g8Td+W3sXxMFH42A=='; media-src cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net; report-uri https://www.sidefx.com/csp_reports/; font-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.gstatic.com; style-src 'self' 'unsafe-inline' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.googleapis.com www.google.com tagmanager.google.com *.vimeocdn.com; default-src 'self'; frame-src 'self' data: www.google.com connect.facebook.net www.facebook.net www.facebook.com docs.google.com www.youtube.com lists.sidefx.com *.vimeo.com *.vimeocdn.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net www.facebook.com http://127.0.0.1:1714 ig.instant-tokens.com graph.instagram.com vimeo.com 1
default-src   http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://checkout.stripe.com blob:;  style-src 'self' https://checkout.stripe.com 'unsafe-inline' ;  img-src * https://* http://* data:;  font-src 'self' data:;  script-src http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://js.stripe.com https://checkout.stripe.com https://platform.twitter.com/ https://twitter.com/ blob: 'unsafe-eval' 'unsafe-inline' ;  frame-src 'self'  https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://*.soundcloud.com/ http://www.youtube.com/embed/ https://www.youtube.com/embed/ https://platform.twitter.com/ https://twitter.com/;  media-src http://*.somafm.com https://*.somafm.com https://w.soundcloud.com https://api.soundcloud.com blob:;  object-src 'self' http://*.somafm.com https://*.somafm.com blob:;  connect-src http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://checkout.stripe.com https://api.stripe.com ;  report-uri https://c70042f2c71bb9b31e563921ca1357ff.report-uri.com/r/d/csp/reportOnly 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://blenderartists.org/logs/ https://blenderartists.org/sidekiq/ https://blenderartists.org/mini-profiler-resources/ https://blenderartists.org/assets/ https://blenderartists.org/brotli_asset/ https://blenderartists.org/extra-locales/ https://blenderartists.org/highlight-js/ https://blenderartists.org/javascripts/ https://blenderartists.org/plugins/ https://blenderartists.org/theme-javascripts/ https://blenderartists.org/svg-sprite/ 'report-sample' 'unsafe-inline' https: https://pagead2.googlesyndication.com/; worker-src 'self' https://blenderartists.org/assets/ https://blenderartists.org/brotli_asset/ https://blenderartists.org/javascripts/ https://blenderartists.org/plugins/; report-uri https://blenderartists.org/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' https://app.shopify.com/ https://country-service.shopifycloud.com/ https://monorail-edge.shopifysvc.com/ https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' shopify-assets.shopifycdn.com fonts.gstatic.com; form-action 'self' https://app.shopify.com/; frame-ancestors 'none'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' proxy.shopifycdn.com data: notify.bugsnag.com shopify-assets.shopifycdn.com shopify-assets.shopifycdn.net www.gstatic.com; media-src 'none'; object-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-6k4WOAfvSl7DOwpWH52bnc0hmtQQjXVf5jv/uDuT7D0=' https://shopify-assets.shopifycdn.com https://shopify-assets.shopifycdn.net https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com 'nonce-ljvd/D839hwfKg+xyg0FQDVT5NjR/f/77tjSKQRHIdU=' 'unsafe-inline'; style-src 'unsafe-inline' 'self' shopify-assets.shopifycdn.com shopify-assets.shopifycdn.net fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=new&source%5Bapp%5D=identity&source%5Bcontroller%5D=account_lookup&source%5Buuid%5D=cad28192c35d3178dc375299cf692cbc 1
default-src https:; script-src 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self'; font-src 'self' data: https://fonts.gstatic.com:443; img-src 'self' data: https://secure.gravatar.com:443; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:443 report-uri https://mahadiscom.report-uri.com/r/d/csp/reportOnly 1
img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
script-src 'nonce-J5qZ4FMczbHFqLoxAhO2uw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' data:; connect-src 'self' www.google-analytics.com;script-src 'self' 'report-sample' platform.instagram.com www.instagram.com platform.twitter.com cdn.syndication.twimg.com cdnjs.cloudflare.com connect.facebook.net payment.paytrail.com www.googletagmanager.com www.google-analytics.com; sandbox allow-downloads allow-popups allow-scripts allow-same-origin allow-forms allow-modals allow-popups-to-escape-sandbox allow-presentation; img-src * data: blob:; object-src 'self'; style-src * 'unsafe-inline'; font-src * data: about:; media-src * data:; frame-src * data:; report-uri https://peda.net/:reportcspviolation/00000000-0000-1302-8000-000000000000 1
default-src 'self' 'unsafe-inline' data: blob: ssl.kaptcha.com *.vimeo.com *.bluesnap.com *.ccdc02.com *.google-analytics.com *.google.com *.yahoo.com *.pinimg.com *.redditstatic.com *.taboola.com *.pinterest.com *.googleapis.com *.g.doubleclick.net *.googleadservices.com *.guardiosecurity.com *.facebook.net *.facebook.com *.googlesyndication.com *.googletagmanager.com *.bing.com secure.adnxs.com *.cardinalcommerce.com fullstory.com *.fullstory.com *.typekit.net *.quora.com *.guard.io *.paypal.com *.gstatic.com *.fixel.ai *.youtube.com *.twitter.com *.ads-twitter.com *.outbrain.com *.stripe.com s.yimg.com o435118.ingest.sentry.io; img-src * data: blob:; report-uri https://guard.io/v2/api/csp 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-KrL3tfoaF4F84LZxMGgwSi6yMOLJ5r' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.google.com *.gstatic.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.youtube.com *.facebook.com *.facebook.net *.bbb.org *.adsrvr.org *.unpkg.com *.openstreetmap.org *.paypal.com *.paypalobjects.com *.bbb.org *.infidels.org google.com gstatic.com googleapis.com googleadservices.com google-analytics.com googletagmanager.com g.doubleclick.net googleadservices.com youtube.com facebook.com facebook.net bbb.org adsrvr.org unpkg.com openstreetmap.org paypal.com paypalobjects.com bbb.org infidels.org; img-src *; report-uri https://csrtechinc.uriports.com/reports/report; report-to default 1
script-src 'unsafe-inline' https://www.gstatic.com 'nonce-tlouBKqTjPfBNqkAFVNaUCgJt7gZrj'; base-uri 'none'; object-src 'none'; report-uri /csp 1
child-src 'self'; connect-src 'self' https://*.amazonaws.com https://*.are.na https://*.cloudfront.net https://*.google-analytics.com https://*.pusher.com wss://*.pusherapp.com; default-src 'self'; font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.cloudfront.net https://*.gstatic.com; frame-src 'self' https://*.are.na https://*.embedly.com https://*.google.com https://*.instagram.com https://*.s3.amazonaws.com https://*.stripe.com https://*.vimeo.com; img-src 'self' data: http://*.gstatic.com https://*.are.na https://*.cloudfront.net https://*.ctfassets.net https://*.google-analytics.com https://*.gstatic.com https://*.s3.amazonaws.com https://*.ytimg.com https://gravatar.com; manifest-src 'self'; media-src 'self' http://*.gstatic.com https://*.gstatic.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.gstatic.com https://*.are.na https://*.cloudfront.net https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.pusher.com https://*.stripe.com https://instant.page; style-src 'self' 'unsafe-inline' https://*.are.na https://*.cloudfront.net; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_c2f690c70bd2203791fa5b65771c7bbb 1
object-src players.brightcove.net s.propertyware.com www.propertyware.com vjs.zencdn.net; frame-ancestors 'self'; style-src 'unsafe-inline' *.propertyware.com fonts.googleapis.com info.buildium.com; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 1
default-src 'self' 'unsafe-inline' *.gstatic.com static.cloud.coveo.com fonts.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com *.youtube.com *.ytimg.com *.google-analytics.com stats.g.doubleclick.net siteimproveanalytics.com *.siteimproveanalytics.io static.hubbardone.com ajax.googleapis.com *.siteimprove.com *.cookielaw.org *.onetrust.com 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://www.milestonesys.com/csp/report 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-7Da8r3oTU6KAYv4lHPa7eBTN4HeU5p' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly; 1
block-all-mixed-content; report-uri https://gesoten.report-uri.com/r/t/csp/reportOnly 1
report-uri default-src 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.google.com *.gstatic.com *.googletagmanager.com 1
default-src 'self'; script-src 'self' *.crex24.com *.google-analytics.com https://www.google-analytics.com/analytics.js *.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com ton.twimg.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com wss://crex24.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/ https://xslotframe1.com/; report-uri /api/report-csp1/ 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.addtoany.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.adsrvr.org *.thevoterguide.org *.typekit.net *.rockthevote.com s3.amazonaws.com *.google.com *.gstatic.com vote411-dev.s3.amazonaws.com vote411-release.s3.amazonaws.com vote411-prod.s3.amazonaws.com www.googletagmanager.com ads.undertone.com; object-src 'self' 'unsafe-eval' *.rockthevote.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.typekit.net *.thevoterguide.org *.addtoany.com *.amazonaws.com; img-src 'self' data: *.google-analytics.com *.facebook.com *.addtoany.com *.typekit.net vote411-dev.s3.amazonaws.com vote411-release.s3.amazonaws.com vote411-prod.s3.amazonaws.com *.doubleclick.net www.googletagmanager.com www.google.com i.ytimg.com ads.undertone.com evt.undertone.com; frame-src 'self' *.vote411.org *.rockthevote.com *.addtoany.com insight.adsrvr.org www.google.com lwv.thevoterguide.org maps.google.com match.adsrvr.org www.facebook.com; frame-ancestors *.rockthevote.com; child-src *.rockthevote.com s3.amazonaws.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.typekit.net; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net performance.typekit.net www.google.com www.facebook.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www0mansion0review0jp.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; form-action 'self' *.facebook.com; script-src 'self' 'nonce-b625457b546c5095a8de75057ca8118cfab2ea7fa12cf36bc9603966fadd2731' unsafe-inline *.wp.com *.marketo.com *.marketo.net googleoptimize.com delighted-wp.net *.trustarc.com googletagmanager.com script.crazyegg.com googletagmanager.com heapanalytics.com cdn.heapanalytics.com www.google-analytics.com *.pingdom.net dna8twue3dlxq.cloudfront.net *.omappapi.com snap.licdn.com bat.bing.com connect.facebook.net tag.marinsm.com a.quora.com risk.clearbit.com platform.twitter.com ads-twitter.com www.googleadservices.com pixel-geo.prfct.co a.omappapi.com *.ads-twitter.com googleads.g.doubleclick.net widget.intercom.io *.qualtrics.com js.intercomcdn.com beacon-v2.helpscout.net; style-src 'self' 'unsafe-hashes' 'unsafe-inline' delighted-wp.test *.intercomcdn.com *.wp.com *.marketo.com fonts.googleapis.com googleoptimize.com; frame-src 'self' *.marketo.com *.doubleclick.net *.facebook.com *.youtube.com intercom-sheets.com; font-src 'self' data: fonts.gstatic.com *.wp.com *.trustarc.com *.delighted.com *.marketo.com js.intercomcdn.com; img-src 'self' blob: data: http: https:; connect-src 'self' wss: d3hb14vkzrxvla.cloudfront.net *.delighted.com *.wp.com *.google-analytics.com *.mktoresp.com *.crazyegg.com *.pingdom.net *.intercom.io js.intercomcdn.com risk.clearbit.com *.doubleclick.net *.omappapi.com *.qualtrics.com *.marketo.com; report-uri https://fb4qdnkh2k.execute-api.us-east-1.amazonaws.com/default; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.co.uk ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.co.uk *.spreadshirt.co.uk ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.co.uk ; font-src 'self' https: data: *.spreadshirt.co.uk ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.co.uk ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.co.uk ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
frame-src 'self' https://js.stripe.com https://dialog.filepicker.io https://www.filepicker.io https://content.googleapis.com https://www.google.com https://insight.adsrvr.org https://match.adsrvr.org https://vimeo.com https://player.vimeo.com https://www.youtube.com https://suicidegirls.com https://gfycat.com https://streamable.com https://bandcamp.com https://open.spotify.com https://www.youtube-nocookie.com https://www.facebook.com https://m.facebook.com https://platform.twitter.com https://player.twitch.tv https://w.soundcloud.com https://eroshare.com https://oddshot.tv https://www.pornhub.com https://www.reverbnation.com https://drive.google.com https://www.washingtonpost.com https://www.arte.tv https://www.mixcloud.com https://www.redgifs.com https://redgifs.com https://www.instagram.com https://instagram.com https://www.flickr.com http://www.funnyordie.com https://giphy.com/ 1
script-src 'unsafe-eval' 'unsafe-inline' https: 'nonce-3307552b647a8e593331a379' 'strict-dynamic' 'report-sample' ; worker-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; report-uri https://csp.tourradar.com 1
default-src 'self' https://healthengine.com.au https://*.healthengine.com.au https://d2g92a8pyizotc.cloudfront.net https://ds85ahg0xxb4i.cloudfront.net https://d3o6iw1i9icjwo.cloudfront.net https://d3j3gy15otidth.cloudfront.net https://*.addressify.com.au https://mappify.io https://*.adobedtm.com https://*.tt.omtrdc.net https://*.demdex.net https://*.everesttech.net https://*.algolia.net https://*.algolianet.com https://files.healthengine.com.au.s3-ap-southeast-2.amazonaws.com https://bat.bing.com https://*.bootstrapcdn.com https://*.branch.io https://app.link https://dev.appboy.com https://js.appboycdn.com https://use.fontawesome.com https://sdk.iad-01.braze.com https://cdnjs.cloudflare.com https://connect.facebook.net https://www.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.google.com.au https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.youtube.com https://lh4.googleusercontent.com https://*.hotjar.com https://*.hotjar.io https://healthengine.imgix.net https://cdn.jsdelivr.net https://www.linkedin.com https://platform.linkedin.com https://static.licdn.com https://cdn-gl.imrworldwide.com/ https://secure-dcr.imrworldwide.com https://cdn.ravenjs.com https://browser.sentry-cdn.com https://sentry.io https://js.stripe.com https://platform.twitter.com https://syndication.twitter.com https://*.zdassets.com https://healthengine.zendesk.com 'unsafe-inline' 'unsafe-eval' data:; report-uri https://1e955ba135fa41af99d6f6988877ceb5.report-uri.com/r/t/csp/reportOnly; report-to https://1e955ba135fa41af99d6f6988877ceb5.report-uri.com/r/t/csp/reportOnly; 1
default-src 'self' data: *.typekit.net *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.cloudflare.com *.doubleclick.net 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.uk&source%5Bsection%5D=brochure&source%5Buuid%5D=617262bcb68a91a1e3478fe578c89888 1
default-src 'none'; connect-src 'self' data: https://*.honeybadger.io https://*.convertkit.com/ https://*.profitwell.com https://*.usefathom.com/ https://echidna.honeybadger.io/ https://stats.g.doubleclick.net https://www.google-analytics.com https://api.segment.io/v1/ https://*.wistia.com/x https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com/mput https://rmbutterfly.com/1661691228/ https://embedwistia-a.akamaihd.net/ https://hb-posthog.herokuapp.com; font-src 'self' data: http://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com/; frame-src https://platform.twitter.com https://syndication.twitter.com https://fast.wistia.com; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.profitwell.com https://*.usefathom.com/ https://*.honeybadger.io/ https://*.convertkit.com/ https://gist.github.com https://www.googletagmanager.com/ https://*.wistia.com https://cdn.syndication.twimg.com https://platform.twitter.com https://cdn.segment.com/analytics.js/v1/Vh0hrL9NfiyA8PXfEW4pPCQbrkG2bBAy/analytics.min.js https://fast.wistia.com/ https://identity.netlify.com/v1/netlify-identity-widget.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/ https://hb-posthog.herokuapp.com; style-src 'self' 'unsafe-inline' https://github.githubassets.com/ https://platform.twitter.com https://ton.twimg.com https://fonts.googleapis.com/ https://www.gstatic.com/; media-src 'self' data: blob: https://embedwistia-a.akamaihd.net; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=c2f13350&report_only=true&env=production 1
default-src 'self' ; connect-src 'self' *.visualstudio.com www.facebook.com *.zopim.com t.kmtx.io *.doubleclick.net *.mapbox.com www.google.com ekr.zdassets.com *.zendesk.com *.cloudflare.com *.googleapis.com *.google-analytics.com *.google.com *.onetrust.com *.hotjar.com s.yimg.com *.socialware.com *.hotjar.io wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://widget-mediator.zopim.com www.bing.com www.google.be www.google.co.uk www.google.de www.google.fr www.google.it www.google.nl www.google.pl www.google.ro *.socialware.com *.ucweb.com *.zdassets.com ; font-src data: fonts.gstatic.com v2.zopim.com 'self' *.hotjar.com *.googleusercontent.com ; frame-src 'self' *.vimeo.com *.trustpilot.com *.zscloud.net *.criteo.com *.amazon-adsystem.com *.travelex.co.uk *.twitter.com *.doubleclick.net tpc.googlesyndication.com analytics-google.net www.googletagmanager.com mozbar.moz.com *.facebook.com acs.airplus.com connect.facebook.net vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com twitter.com vimeo.com www.booking.com www.linkedin.com leshuttle.typeform.com ; img-src blob: q-xx.bstatic.com dis.criteo.com ad.sxp.smartclip.net ad.yieldlab.net cotads.adscale.de cdn.stickyadstv.com cm.adform.net r.casalemedia.com rtb-csync.smartadserver.com criteo-partners.tremorhub.com criteo-sync.teads.tv match.bnmla.com contextual.media.net match.sharethrough.com sync-criteo.ads.yieldmo.com visitor.omnitagjs.com ad.360yield.com sync.e-planning.net beacon.krxd.net x.bidswitch.net tags.bluekai.com us-u.openx.net s.ad.smaato.net ad.doubleclick.net pixel.rubiconproject.com *.pubmatic.com secure.adnxs.com *.2mdn.net sp.analytics.yahoo.com sync.outbrain.com *.twitter.com *.blob.core.windows.net *.zopim.com *.zopim.io *.doubleclick.net consent.trustarc.com via.placeholder.com lowffdompro.com *.twimg.com login.microsoftonline.com *.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe *.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar www.google.ch www.google.me www.google.com.ec www.google.ro www.google.nl www.google.com.mx www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.co.in www.google.hr data: img.youtube.com *.googleapis.com 'self' *.google-analytics.com *.facebook.com www.google.co.uk www.google.com ads.stickyadstv.com ads.yahoo.com adservice.google.ad adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.nz adservice.google.co.uk adservice.google.co.za adservice.google.co.zw adservice.google.com adservice.google.com.au adservice.google.com.co adservice.google.com.kw adservice.google.com.mt adservice.google.com.mx adservice.google.com.pe adservice.google.cz adservice.google.de adservice.google.dk adservice.google.es adservice.google.fr adservice.google.gg adservice.google.gr adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.iq adservice.google.it adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.se an.yandex.ru cdn-ukwest.onetrust.com help.eurotunnel.com i.liadm.com i.vimeocdn.com i.ytimg.com translate.google.com twitter.com www.google-analytics.com www.google.ad www.google.ae www.google.al www.google.bg www.google.co.jp www.google.co.ma www.google.co.nz www.google.co.zw www.google.com.au www.google.com.gi www.google.com.kw www.google.com.mt www.google.com.pk www.google.com.qa www.google.ee www.google.gg www.google.hu www.google.iq www.google.je www.google.li www.google.lt www.google.lu www.google.rs www.google.si www.google.sn www.google.tn *.googletagmanager.com *.doubleclick.net *.facebook.net *.pinterest.com *.yahoo.com ; media-src 'self' static.zdassets.com data: ; child-src 'self' 'blob' blob ; script-src-elem 'self' *.onetrust.com sslwidget.criteo.com static.criteo.net s.kmtx.io ; script-src 'self' blob: data az416426.vo.msecnd.net *.zopim.com *.criteo.com *.onetrust.com *.zscloud.net *.googlesyndication.com *.twitter.com *.trustpilot.com *.doubleclick.net *.truste.com *.trustarc.com *.zendesk.com *.zopim.com *.zdassets.com *.twimg.com www.gstatic.com *.google.com *.googlesyndication.com *.bootstrapcdn.com *.googleapis.com *.instagram.com *.facebook.net eval: inline: *.ytimg.com *.hotjar.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' *.googleadservices.com *.googletagmanager.com *.youtube.com *.google-analytics.com *.typeform.com data: s.yimg.com *.yahoo.com ; style-src *.twitter.com *.googleapis.com inline: 'self' 'unsafe-inline'; report-uri https://eurotunnel.report-uri.com/r/d/csp/reportOnly 1
object-src 'none'; script-src 'nonce-rQRHKEdUrwNRlFhrJrTzFg==' 'unsafe-inline'  'strict-dynamic' https: http: maps.googleapis.com www.google.com/jsapi; base-uri 'none'; report-uri https://reservio.report-uri.com/r/d/csp/reportOnly; 1
report-uri https://endpoint2.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV3VOE24ov0vchYgO3uoxKHdePxnKoFiICkeq1Vt2reRBEg4zYmpS2XL1UJS-0Ova9gUiV2PUH3EvuXcIOdrBPvAUgkIP-ZRbRMryNUY6YGqAQ== ; block-all-mixed-content ; default-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.live ; script-src 'report-sample' 'self' 'unsafe-eval' https://*.videoask.com https://*.videoask.live 'unsafe-inline' https://js.stripe.com https://www.dropbox.com https://*.calendly.com https://*.oncehub.com https://cdn.amplitude.com https://cdn.cookielaw.org https://cdn.rollbar.com https://cdn.segment.com https://connect.facebook.net https://fast.wistia.com https://script.crazyegg.com https://snap.licdn.com https://snippet.growsumo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://cdn.optimizely.com https://js.partnerstack.com https://edge.fullstory.com ; base-uri 'report-sample' 'self' ; img-src 'report-sample' 'self' data: blob: android-webview-video-poster: https: ; media-src 'report-sample' 'self' blob: data: https: ; connect-src 'report-sample' 'self' blob: https://*.videoask.com https://*.videoask.live wss://*.videoask.live wss://*.videoask.com https://videoask-media-dev.s3-accelerate.amazonaws.com https://videoask-media-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3-accelerate.amazonaws.com https://videoask-uploads-prod.s3-accelerate.amazonaws.com https://videoask-uploads-dev.s3.amazonaws.com https://videoask-uploads-prod.s3.amazonaws.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.launchdarkly.com https://*.pexels.com https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.rollbar.com https://api.segment.io https://api.amplitude.com https://*.g.doubleclick.net https://www.google-analytics.com https://*.crazyegg.com https://p.adsymptotic.com https://www.facebook.com https://track.segmetrics.io https://*.google.com https://rs.fullstory.com https://grsm.io https://cdn.cookielaw.org https://*.onetrust.com https://*.contentful.com https://videoask.zendesk.com https://*.optimizely.com ; style-src 'report-sample' 'self' https://font.typeform.com 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://cdn.cookielaw.org https://cdn.quilljs.com ; font-src 'report-sample' 'self' data: https://font.typeform.com https://fonts.gstatic.com ; frame-src 'report-sample' 'self' https://*.videoask.com https://*.videoask.live https://calendly.com https://app.acuityscheduling.com https://*.oncehub.com https://js.stripe.com https://videoask.eu.auth0.com https://dev-videoask.eu.auth0.com https://*.wistia.com https://www.facebook.com https://*.doubleclick.net https://6g4qf7txd07m.statuspage.io https://*.optimizely.com ; frame-ancestors * ; object-src 'none' ; 1
report-uri https://sentry.io/api/221673/security/?sentry_key=3afaff7eee7146358bf291fdd649cba7 1
default-src 'self' data: mediastream: blob: 'unsafe-inline' 'unsafe-eval' inline *.ibytedtos.com *.isnssdk.com *.resso.app resso.app *.resso.me *.snssdk.com *.byteoversea.net *.ibyteimg.com *.ipstatp.com *.tiktokv.com *.byteoversea.com;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=m_home 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com cdn.ampproject.org connect.facebook.net ajax.googleapis.com www.google.com www.googleadservices.com *.doubleclick.net mc.yandex.com www.gstatic.com static.currency.com www.googletagmanager.com static.ads-twitter.com mc.yandex.ru www.google-analytics.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: o306080.ingest.sentry.io; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.currency.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.facebook.com www.google.com ams.creativecdn.com payment.backend-capital.com *.doubleclick.net site.recognia.com www.youtube.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.mx alb.reddit.com www.google.co.id www.facebook.com www.google.by www.google-analytics.com www.google.co.th mc.yandex.ru img.youtube.com images-media.currency.com www.googletagmanager.com vk.com www.google.pl mc.yandex.by www.google.com www.google.com.sa www.google.com.ua www.google.kz www.gstatic.com www.google.gr static.currency.com www.google.com.ph www.google.com.vn www.google.ro mc.yandex.com www.google.co.in capital.com *.amazonaws.com www.google.ae img.currency.com www.google.ru v2assets.zopim.io www.google.co.kr www.google.de www.google.com.co www.google.com.my www.google.no; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.currency.com cdnjs.cloudflare.com fonts.googleapis.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: currency-support.zendesk.com www.googletagmanager.com www.facebook.com capital.com mc.yandex.md payment.backend-capital.com mc.yandex.by *.doubleclick.net www.google.com public-markets.backend.currency.com ekr.zdassets.com o306080.ingest.sentry.io api.backend-capital.com mdapi-http.backend-capital.com api.backend.currency.com mc.yandex.com mc.yandex.ru www.google-analytics.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.currency.com fonts.gstatic.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.zdassets.com img.currency.com static.currency.com; form-action  www.facebook.com; report-uri /csp_report 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.google.com *.zopim.com *.hotjar.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.hotjar.com *.trustpilot.com *.youtube.com *.freshchat.com https://www.googletagmanager.com/ www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.google.com *.google.com.vn *.bsscommerce.com *.zopim.io *.zopim.com *.bing.com *.googletagmanager.com *.hotjar.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.googleapis.com *.addthis.com *.google.com *.trackedlink.net *.cloudflare.com *.zopim.com *.hotjar.com *.zdassets.com chimpstatic.com *.trustpilot.com *.googletagmanager.com *.crazyegg.com *.bing.com *.gstatic.com *.freshchat.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ connect.facebook.net twitter.com platform.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com maxcdn.bootstrapcdn.com *.trackedlink.net *.doubleclick.net *.freshchat.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zopim.io *.zopim.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.paypal.com *.googleapis.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.zdassets.com wss://*.hotjar.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; font-src https: data:; style-src 'unsafe-inline' https:; object-src 'self';connect-src https: wss:; script-src 'nonce-wYx0mQlH2c/p01Oj1Sbd1wl94Tz/5oWCQt0Xk67nfRI=' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; img-src https: data:; report-uri /webhooks/csp-log/create 1
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: sbs.e-paycapita.com pixel.mathtag.com www.googletagmanager.com c.webtrends-optimize.com secure.adnxs.com adservice.google.com *.doubleclick.net www.tvlicensing.co.uk www.google.co.uk statse.webtrendslive.com s3-eu-west-1.amazonaws.com app.meetami.ai www.google.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net pixel.mathtag.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.tvlicensing.co.uk; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com app.meetami.ai; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: app.meetami.ai chat.meetami.ai ots.optimize.webtrends.com adservice.google.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: app.meetami.ai; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: statse.webtrendslive.com c.webtrends-optimize.com s.webtrends.com www.googletagmanager.com pixel.mathtag.com www.googleadservices.com ajax.googleapis.com *.doubleclick.net www.tvlicensing.co.uk ots.optimize.webtrends.com app.meetami.ai; form-action  www.tvlicensing.co.uk; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 1
font-src *.fontawesome.com *.typekit.net *.yotpo.com https://www.gstatic.com 'unsafe-inline' data: *.cloudmaestro.com https://fonts.gstatic.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.doubleclick.net *.cookiebot.com *.adsrvr.org *.force.com *.affirm.com *.signifyd.com *.online-metrix.net *.hotjar.com *.facebook.com *.paypalobjects.com *.vimeo.com https://www.google.com *.yotpo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de store.paradoxlabs.com *.imgix.net *.yotpo.com *.collect.com *.bing.com *.google.com *.google.ca *.google.dk *.google.co.uk *.google.no *.google.co.jp *.cloudfront.net *.igodigital.com *.adsrvr.org *.affirm.com tr.snapchat.com *.signifyd.com s3.amazonaws.com *.paypal.com *.online-metrix.net ct.pinterest.com px.ads.linkedin.com www.facebook.com p.adsymptotic.com *.googletagmanager.com shinola-m2.s3.us-east-2.amazonaws.com *.cloudmaestro.com *.google.co.in *.webscale.com s.amazon-adsystem.com shinola-m2.s3.amazonaws.com filson-m2.s3.amazonaws.com *.doubleclick.net fonts.gstatic.com id.rlcdn.com ads.avocet.io ads.avct.cloud connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.shinola.com *.filson.com *.cloudflare.com *.yotpo.com *.googletagmanager.com *.igodigital.com *.cookiebot.com *.remoteretail.com *.force.com *.bing.com *.adsrvr.org *.cloudfront.net *.retentionscience.com *.salesforceliveagent.com *.affirm.com *.signifyd.com *.sc-static.net sc-static.net s.pinimg.com snap.licdn.com www.facebook.com s.yimg.com ws.zoominfo.com *.hotjar.com *.doubleclick.net *.analytics.yahoo.com *.impactradius-event.com *.cloudmaestro.com *.nr-data.net *.newrelic.com www.googleoptimize.com tag.measured.com https://www.google.com https://www.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.typekit.net *.yotpo.com *.googleapis.com *.force.com *.cloudmaestro.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.imgix.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.paypal.com *.doubleclick.net *.yotpo.com *.google-analytics.com *.affirm.com *.signifyd.com *.signifyd.com:* *.authorize.net *.remoteretail.com *.rollbar.com *.bing.com ct.pinterest.com *.hotjar.com partners.shinola.com www.facebook.com *.nr-data.net *.newrelic.com *.google.com connect.facebook.net graph.facebook.com business.facebook.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://shinola.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data: ; report-uri https://booklog.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://static.addtoany.com https://www.google-analytics.com https://s3.amazonaws.com/downloads.mailchimp.com/ https://use.fontawesome.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdn-images.mailchimp.com; img-src 'self' data: https://static.eoi.es https://www.google.com https://www.google.es/ads/ga-audiences; frame-src 'self' https://form.jotformeu.com/; frame-ancestors 'self' https://form.jotformeu.com/; font-src 'self' https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' https://www.google.com chrome-extension: https://code.jquery.com https://code.createjs.com https://pos.gosuslugi.ru https://www.googletagmanager.com https://25prim.ru 'unsafe-eval' 'unsafe-inline' 'unsafe-inline' https://www.gstatic.com https://bitrix.info https://stat.sputnik.ru https://mc.yandex.ru https://www.google-analytics.com blob: asset 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://pos.gosuslugi.ru chrome-extension: https://25prim.ru https://dl.metabar.ru; object-src 'self'; report-uri /cspreportonly; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: dvngeac8rg9mb.cloudfront.net d34s7xanp5e5sf.cloudfront.net www.gstatic.com js.stripe.com *.googleapis.com www.google.com compilers.widgets.sphere-engine.com; connect-src 'self' wss://push.piazza.com api.stripe.com; img-src 'self' data: http: https:; object-src 'none'; font-src 'self' data: *.typekit.net *.gstatic.com; style-src 'self' 'unsafe-inline' blob: *.typekit.net *.gstatic.com *.googleapis.com dvngeac8rg9mb.cloudfront.net; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.vimeo.com player.vimeo.com www.facebook.com youtu.be gfycat.com www.google.com giphy.com docs.google.com calendar.google.com www.desmos.com www.geogebra.org; report-uri /security/csp_report 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp:; report-uri /csp-report 1
script-src 'self' 'unsafe-inline' chrome-extension: https://bitrix.info https://www.googletagmanager.com https://support.rusneb.ru https://rum-static.pingdom.net https://www.google-analytics.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self'; object-src 'self'; report-uri /cspreportonly; 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.google.com *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com *.adyen.com *.alekseon-test.eu media-akam.licdn.com www.facebook.com maps.googleapis.com data: *.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com www.youtube.com video.google.com *.adyen.com www.google.com www.gstatic.com maps.googleapis.com chimpstatic.com connect.facebook.net *.forter.com h.online-metrix.net https://www.googletagmanager.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fonts.net fonts.googleapis.com *.bootstrapcdn.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src manolo.alekseon-test.eu www.manoloblahnik.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.forter.com www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com kit.fontawesome.com connect.facebook.net cdn.polyfill.io code.jquery.com www.google-analytics.com ssl.google-analytics.com www.googleoptimize.com script.crazyegg.com cdn.syndication.twimg.com speedtest.cable.co.uk cdnjs.cloudflare.com maxcdn.bootstrapcdn.com widget.trustpilot.com s3.amazonaws.com cable.us4.list-manage.com admin.cable.co.uk services.xg4ken.com unpkg.com script.hotjar.com static.hotjar.com c5.adalyser.com localhost:3000; connect-src 'self' *.fontawesome.com api.addressy.com in.hotjar.com ws1.hotjar.com cable.us4.list-manage.com admin.cable.co.uk stats.g.doubleclick.net localhost:3000; img-src 'self' data: *.cable.co.uk www.google.com www.googletagmanager.com www.google.co.uk www.google-analytics.com s1.2mdn.net ad.doubleclick.net stats.g.doubleclick.net gtrk.s3.amazonaws.com pbs.twimg.com code.jquery.com 19.xg4ken.com s3-eu-west-1.amazonaws.com pcf.tdscd.com c5.adalyser.com v2.crocdn.com; style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com admin.cable.co.uk pro.fontawesome.com localhost:3000; font-src 'self' *.fontawesome.com maxcdn.bootstrapcdn.com admin.cable.co.uk data: localhost:3000; object-src 'self' api.ookla.com fpdownload.adobe.com; frame-src 'self' widget.trustpilot.com vars.hotjar.com googleads.g.doubleclick.net data:; child-src 'self' blob:; report-uri /csp-violation-report/ 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; object-src 'none'; frame-src 'self'; child-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; report-uri 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net *.google.com https://connect.facebook.net *.gstatic.com https://www.google-analytics.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net; img-src 'self' data: *.gstatic.com *.littler.com p.typekit.net  https://www.google-analytics.com https://maps.googleapis.com https://i.vimeocdn.com; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com https://w.soundcloud.com https://www.google.com; frame-ancestors 'self'; child-src 'self' https://player.vimeo.com/; font-src 'self' https://themes.googleusercontent.com  'unsafe-inline' use.typekit.net *.gstatic.com; connect-src 'self' https://www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
report-uri https://www.yelp.com/csp_report_only?id=6aba36cf07144e24&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1627695035; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
frame-ancestors 'self' www.visitvictoria.com *.visitvictoria.com www.visitmelbourne.com *.visitmelbourne.com; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com http://fonts.googleapis.com https://www.googletagmanager.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://fast.fonts.net http://performance.typekit.net/ https://performance.typekit.net/ http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://p.typekit.net/ https://p.typekit.net/ http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.vimeo.com/ https://player.vimeo.com/  http://player.polyv.net http://cdn.cookielaw.org http://cdn.cookielaw.org https://cdn.cookielaw.org ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://fonts.googleapis.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://use.typekit.net/ https://use.typekit.net/ http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://player.polyv.net https://player.polyv.net https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://fonts.googleapis.com https://fonts.googleapis.com http://use.typekit.net/ https://use.typekit.net/ http://cdnjs.cloudflare.com http://fast.fonts.net/ https://p.typekit.net http://p.typekit.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/; frame-src 'self' http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://www.google.com; 1
upgrade-insecure-requests; block-all-mixed-content; report-uri https://diyaudioreport.report-uri.com/r/d/csp/reportonly 1
default-src 'none';script-src 'self' 'report-sample' www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/ https://www.googleadservices.com/ https://tpc.googlesyndication.com/ 'sha256-+22BYd+8aA3Gi56EEOI+I6Z7uJmkAFhQhXf+c9EVkPk=' 'sha256-0VdIYpf1kxdaxE4+E0BnVhZlFsZwq9WOYt0KxCTd8po=' az416426.vo.msecnd.net dc.services.visualstudio.com 'sha256-+jgReMTiqT2n7Y6iWz1dYsqmU/kM4s4vo1k+s+Ig+IQ=' 'sha256-HKl9UJVD1GtrLsxHPWZTyZJtnEfZ74k73XyJ8+7OibA=';style-src 'self';img-src https: data:;connect-src 'self' www.google-analytics.com stats.g.doubleclick.net dc.services.visualstudio.com;manifest-src 'self';frame-src cdn.sw.altova.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://d16rvxb3ygtv4q.cloudfront.net/ https://tpc.googlesyndication.com/;report-uri /CspViolations 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.trulieve.com fonts.googleapis.com *.cloudflare.com code.jquery.com snapwidget.com static.zdassets.com www.google-analytics.com cdn.surfside.io snapwidget.com js-agent.newrelic.com bam-cell.nr-data.net *.google.com www.gstatic.com connect.facebook.net static.zdassets.com *.sharethis.com linkhelp.clients.google.com maps.googleapis.co *.cloudmaestro.com www.google-analytics.com maps.googleapis.com cdn.forms-content.sg-form.com scontent-dfw5-2.cdninstagram.com; report-uri /.webscale/csp-report 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.useinsider.com www.google.com connect.facebook.net mc.yandex.com cdn.livechatinc.com mc.yandex.kz www.gstatic.com www.googletagmanager.com api.livechatinc.com mc.yandex.ru www.google-analytics.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.facebook.com www.google.com secure.livechatinc.com kc-we-email-redirect-form.azurewebsites.net www.googletagmanager.com *.useinsider.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: mc.yandex.kz www.google.kz *.useinsider.com www.facebook.com www.google-analytics.com mc.yandex.ru www.google.com.tr www.googletagmanager.com airastana.com mc.yandex.com www.google.com www.google.ru www.google.com.ua; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.useinsider.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: yandexmetrica.com:29010 www.facebook.com mc.yandex.md 127.0.0.1:30102 yandexmetrica.com:30103 *.doubleclick.net api.livechatinc.com mc.yandex.kz ymetrica1.com *.useinsider.com mc.yandex.com ka-f.fontawesome.com 127.0.0.1:29009 mc.yandex.ru www.google-analytics.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com *.useinsider.com ka-f.fontawesome.com *.amazonaws.com; form-action  www.facebook.com airastana.com; report-uri /csp_report 1
default-src 'self' data: https: 'unsafe-inline' http://*.omniupdate.com *.twimg.com http://img.youtube.com d.adroll.mgr.consensu.org s.dca0.com; script-src 'self' 'unsafe-inline' *.emu.edu *.adroll.com script.crazyegg.com www.googletagmanager.com www.youvisit.com *.google-analytics.com pi.pardot.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net api.meritpages.com *.google.com *.googleapis.com *.addthis.com graph.facebook.com *.purechat.com *.purechatcdn.com *.ebscohost.com code.jquery.com 25livepub.collegenet.com widgets.pinterest.com platform.twitter.com instawidget.net *.twimg.com api.darksky.net assets.adobedtm.com embedr.flickr.com widgets.flickr.com s3.amazonaws.com d.adroll.mgr.consensu.org s.dca0.com; report-uri /is/csp/report/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.twitter.com *.outbrain.com bam.nr-data.net bat.bing.com *.taboola.com *.facebook.net *.facebook.com *.visualwebsiteoptimizer.com *.doubleclick.net *.hubspot.com api.hubapi.com js.hs-analytics.net js.hsadspixel.net js.hs-scripts.com js.usemessages.com js.driftt.com *.yandex.ru *.newrelic.com *.linkedin.com *.leadforensics.com *.bizographics.com *.outbrain.com gateway.zscloud.net www.google-analytics.com www.google.com www.google.ch www.google.ru www.google.co.in www.google.co.jp www.google.co.uk www.google.de www.google.com.sg www.google.com.pe www.google.co.th www.google.bg www.google.at https://www.google.es www.googleadservices.com www.googletagmanager.com *.gravatar.com statics.teams.cdn.office.net sc.getabstract.com:*; report-uri /csp-reports 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-FYHt+03VmRLWHey8AFAmpbPpOkXkEk' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors 'self'; default-src https: wss: 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; report-uri https://7db460822c3f57fdf92d4dc397507d30.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.youtube.com; frame-src 'self' *.youtube.com *.twitter.com *.google.com *.facebook.com *.wowza.com http://wowzaprod123-i.akamaihd.net; style-src 'self' 'unsafe-inline' https://fast.fonts.net *.typekit.net *.twitter.com *.twimg.com *.wowza.com *.icontact.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.youtube.com *.twitter.com *.twimg.com *.facebook.net *.cloudflare.com https://secure.adnxs.com *.demandbase.com *.icontact.com *.gstatic.com *.google.com *.wowza.com; img-src 'self' data: *.youtube.com  https://aepcdn.com *.twitter.com *.google-analytics.com *.twimg.com *.twimg.com *.facebook.com https://secure.adnxs.com *.demandbase.com https://aep-power.tsyawshost.com *.icontact.com http://prod-railsapp.s3.amazonaws.com; connect-src 'self' http://wowzaprod123-i.akamaihd.net *.wowza.com https://americanelectric2018tf.q4web.com; media-src 'self' http://wowzaprod123-i.akamaihd.net *.youtube.com blob: ; font-src 'self' https://use.typekit.net data: ; 1
report-uri https://www.yelp.com/csp_report_only?id=f8d7cd2d6a005f75&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1627695484; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src 'self'; script-src cdn.report-uri.com api.stripe.com js.stripe.com 'nonce-Mzg2NzQyOTE0NiwzODc2NDczMDA5' static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com; font-src 'self' cdn.report-uri.com; connect-src 'self' api.stripe.com; frame-ancestors *.cloudflareworkers.com *.cloudflare.com; form-action 'self' hooks.stripe.com; frame-src js.stripe.com; child-src js.stripe.com; report-uri https://scotthelme.report-uri.com/r/d/csp/reportOnly; report-to default 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' d31j93rd8oukbv.cloudfront.net https://www.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://cdn.paddle.com https://checkout.paddle.com https://*.zopim.com https://*.zdassets.com; frame-src https://www.google.com/ https://optimize.google.com https://checkout.paddle.com https://buy.paddle.com https://create-checkout.paddle.com; connect-src 'self' https://d31j93rd8oukbv.cloudfront.net https://www.google-analytics.com https://analytics.paddle.com https://browsec.zendesk.com wss://*.zopim.com https://*.zopim.com https://*.zdassets.com; report-uri /api/v1/reports; 1
default-src 'unsafe-eval' 'unsafe-inline' blob blob: data: https: wss:; block-all-mixed-content; report-uri /csp.php?h=f743080d&v=4 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.moxa.com *.moxa.com.cn https://*.google.com *.addthis.com *.youtube.com;              style-src 'unsafe-inline' *;               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.moxa.com *.moxa.com.cn www.googletagmanager.com www.youtube.com fast.fonts.net  cdn-cms.azureedge.net     *.google-analytics.com *.crazyegg.com *.googleadservices.com cdn.bizible.com                         cdn-akamai.mookie1.com s.ytimg.com *.pingdom.net *.doubleclick.net *.marketo.net        cdn.polyfill.io tags.tiqcdn.com tags.tiqcdn.cn *.marketo.net                         *.usabilla.com *.gstatic.com *.google.com  *.facebook.net *.facebook.com *.addthis.com *.addthisedge.com        *.googleapis.com *.googletagmanager.com *.youtube.com *.moatads.com       cdn.onesignal.com *.swiftypecdn.com *.onesignal.com *.assets.zendesk.com easyid.scansafe.net       static-resource.com cdn-javascript.net gateway.zscaler.net easyid.scansafe.com gateway.zscloud.net       *.optnmnstr.com tribedone.org *.exeloncorp.com linkangood.com filter.nov.com rasenalong.com       osskanger.com yastatic.net;              connect-src 'self' *.mktoresp.com *.pingdom.net *.moxa.com *.moxa.com.cn *.facebook.com *.addthis.com *.google-analytics.com               *.pingdom.net *.doubleclick.net *.zdassets.com *.api.opmnstr.com plugin.ucads.ucweb.com easyid.scansafe.net;     frame-src 'self' *.doubleclick.net *.addthis.com *.google.com *.mookie1.com *.youtube.com *.googleapis.com *.akamaihd.net *.facebook.com  ;     img-src 'self' data: *;      font-src 'self' data: *;     media-src 'self' data: *.gstatic.com;      report-uri https://moxacsp.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; img-src * data:; font-src 'self' *.clearscore.com cdn2-fs.clearscore.com fonts.gstatic.com storage.googleapis.com data:; style-src 'self' 'unsafe-inline' *.clearscore.com cdn2-fs.clearscore.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clearscore.com cdn.glassboxcdn.com cdn.segment.com www.googletagmanager.com www.google.com cdnil.clarisite.com www.google-analytics.com www.googleadservices.com *.doubleclick.net sp.analytics.yahoo.com s.yimg.com app.link cdn.branch.io app.link snap.licdn.com connect.facebook.net cdn.appsflyer.com cdn.calconic.com *.taboola.com ucads-cdn.ucweb.com static.ads-twitter.com analytics.twitter.com www.redditstatic.com; connect-src 'self' *.clearscore.com www.google-analytics.com adservice.google.com www.google.com www.google.co.za www.google.co.uk www.google.com.au www.googletagmanager.com report.clearscore.glassboxdigital.io sentry.io api.segment.io stats.g.doubleclick.net www.facebook.com apply.workable.com gbr-smv-tracking.adalyser.com api.raygun.io api2.branch.io banner.appsflyer.com s.yimg.com app.calconic.com statistics-dot-calconic-app.appspot.com trc-events.taboola.com pips.taboola.com cds.taboola.com gjtrack.ucweb.com plugin.ucads.ucweb.com px.ads.linkedin.com sp.analytics.yahoo.com t.co alb.reddit.com; media-src 'self' *.clearscore.com mpsnare.iesnare.com *.vzaar.com; frame-src 'self' *.clearscore.com *.doubleclick.net servedby.flashtalking.com www.youtube.com; child-src 'self' *.clearscore.com *.doubleclick.net servedby.flashtalking.com www.youtube.com; manifest-src 'self' *.clearscore.com; report-uri https://o241366.ingest.sentry.io/api/1780025/security/?sentry_key=81f979860e6d4d55be02cb7430639d63&sentry_environment=production 1
default-src https:; child-src https: blob:; connect-src https: wss: data:; font-src https: data:; frame-src https:; img-src https: data:; media-src https: blob:;  object-src https:;  worker-src https: blob:;  script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri /app/api/cspViolation; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: s.ytimg.com siteimproveanalytics.com us4.siteimprove.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com 1
font-src https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://chimpstatic.com https://analytics.akpress.org *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://analytics.akpress.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.mogucdn.com https://*.mogucdn.com http://*.juangua.com https://*.juangua.com http://*.meilishuo.com https://*.meilishuo.com http://*.meilishuo.net https://*.meilishuo.net http://*.mogujie.com https://*.mogujie.com http://*.qq.com https://*.qq.com http://*.mogujie.org https://*.mogujie.org http://*.meili-inc.com https://*.meili-inc.com http://*.mogu.com https://*.mogu.com http://*.mogu-inc.com https://*.mogu-inc.com; report-uri http://sd.mogujie.com/index.php 1
default-src 'self' *.bnz.co.nz www.bnz.co.nz *.facebook.com *.mktoresp.com sentry.io *.google-analytics.com *.launchdarkly.com *.nzpost.co.nz *.dynatrace.com stats.g.doubleclick.net www.googletagmanager.com *.mktoutil.com *.facebook.net *.monsido.com www.google.com; style-src 'self' *.bnz.co.nz 'unsafe-inline' *.googleapis.com pwm-image.trendmicro.com www.google-analytics.com; script-src 'self' 'unsafe-inline' *.bnz.co.nz 'unsafe-eval' *.sentry-cdn.com https://www.googletagmanager.com munchkin.marketo.net www.google-analytics.com *.monsido.com connect.facebook.net *.googleapis.com *.zscalertwo.net *.nzpost.co.nz *.dynatrace.com; img-src 'self' *.fls.doubleclick.net *.bnz.co.nz data: *.google-analytics.com *.google.com *.googleapis.com www.googletagmanager.com *.gstatic.com www.facebook.com *.monsido.com *.zscalertwo.net connect.facebook.net *.ytimg.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; media-src *; frame-src 'self' *.bnz.co.nz *.fls.doubleclick.net *.youtube.com *.facebook.com www.googletagmanager.com pwm-image.trendmicro.com; font-src 'self' data: fonts.gstatic.com www.bnz.co.nz www.googletagmanager.com; report-uri https://o154134.ingest.sentry.io/api/1208203/security/?sentry_key=32037ccbfb04436596cdf100941dde13 1
font-src https://fonts.gstatic.com https://use.typekit.net/ https://cdnjs.cloudflare.com/ *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://pal-test.adyen.com https://pal-live.adyen.com https://test.adyen.com https://live.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com https://consentcdn.cookiebot.com https://www.facebook.com https://www.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://pal-live.adyen.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://maps.gstatic.com https://www.google.com https://www.google.it 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com https://checkoutshopper-live.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co api.comapi.com webchat.dotdigital.com maps.googleapis.com https://www.googletagmanager.com *.google.com https://cdn.mouseflow.com https://www.gstatic.com https://apis.google.com http://connect.facebook.net https://connect.facebook.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://js-agent.newrelic.com https://bam.nr-data.net https://maps.googleapis.com https://chimpstatic.com https://www.mczbf.com https://ecomm.sella.it/ *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com https://www.gstatic.com https://use.typekit.net/ https://p.typekit.net/ https://cdnjs.cloudflare.com/ *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.comapi.com webchat.dotdigital.com https://www.facebook.com https://www.google-analytics.com https://bam.nr-data.net https://www.mczbf.com https://stats.g.doubleclick.net *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob:  *.signaturehardware.com initjs.rfk.signaturehardware.com *.rfksrv.com cdn.pdst.fm cdn.curalate.com tpc.googlesyndication.com c.zmags.com *.affirm.com s.go-mpulse.net *.authorize.net *.bazaarvoice.com *.cloudfront.net *.cloudmaestro.com *.criteo.com *.criteo.net *.listrakbi.com *.pepperjam.com *.pinterest.com *.steelhousemedia.com c.z-analytics.net code.jquery.com widget-mediator.zopim.com bam.nr-data.net bam-cell.nr-data.net bat.bing.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com maps.googleapis.com pinterest.adsymptotic.com pixel.mathtag.com platform.houzz.com s.pinimg.com services.listrak.com static.chartbeat.com static.site24x7rum.com static.zdassets.com tracking.deepsearch.adlucent.com v2.zopim.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.signaturehardware.com www.youtube.com pixel.snapsmedia.io boards.greenhouse.io s.ytimg.com edge.curalate.com nexus.ensighten.com mpsnare.iesnare.com cdn.noibu.com getrockerbox.com cdns.brsrvr.com cdn.userleap.com; 1
default-src https:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://www.preloved.co.uk/t/csp-report; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.yotpo.com *.fontawesome.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com/ gum.criteo.com/ *.addthis.com/ *.moatads.com/ *.addthisedge.com/ *.zdassets.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://checkout-sandbox.getbread.com https://checkout.getbread.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.facebook.com/ gum.criteo.com/ www.jsctool.com/ *.hotjar.com/ *.addthis.com/ *.moatads.com/ *.addthisedge.com/ *.zdassets.com/ *.doubleclick.net/ *.pinterest.com/ js.stripe.com hooks.stripe.com api.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de hello.zonos.com/ *.klarna.com www.gstatic.com/ placeholdit.imgix.net/ www.frontrunneroutfitters.com/ *.google.com/ *.klarna.com/ *.google.co *.facebook.com *.cloudfront.net/ *.trustedshops.com/ *.hotjar.com/ stats.g.doubleclick.net/ www.google-analytics.com/ *.zdassets.com/ *.pinterest.com/ frontrunnersupport.zendesk.com/ *.addthis.com/ *.moatads.com/ *.addthisedge.com/ *.cloudflare.com *.googleadservices.com *.google-analytics.com *.google.co.za *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.co.in *.zopim.com *.zipmoney.com.au *.zopim.io *.zip.co *.googletagmanager.com *.payments-amazon.com *.thirdlight.com *.stripe.com store.paradoxlabs.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://checkout-sandbox.getbread.com https://checkout.getbread.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.checkout.getbread.com/ *.checkout-sandbox.getbread.com/ hello.zonos.com/ static.zipmoney.com.au/ translate.google.com/ translate.googleapis.com/ static.criteo.net/ sslwidget.criteo.com/ *.facebook.net/ *.instagram.com/ widget.us.criteo.com/ secure.pay1.de/ d.ratepay.com/ *.hotjar.com/ googleads.g.doubleclick.net/ *.pinimg.com/ *.zdassets.com/ *.trustedshops.com/ *.addthis.com/ *.facebook.com/ *.moatads.com/ *.addthisedge.com/ *.beacon.min.js *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.criteo.com *.cloudflareinsights.com https://cdn.polyfill.io https://browser.sentry-cdn.com js.stripe.com *.authorize.net api.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.beacon.min.js *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://checkout-sandbox.getbread.com https://checkout.getbread.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com hello.zonos.com/ d.ratepay.com/ *.hotjar.com/ *.paypal.com/ *.zdassets.com/ stats.g.doubleclick.net/ www.google-analytics.com/ *.pinterest.com/ *.frontrunneroutfitters.com/ *.zipmoney.com.au/ t.labs.au.edge.zip.co/ frontrunnersupport.zendesk.com/ *.addthis.com/ *.facebook.com/ *.moatads.com/ *.addthisedge.com/ *.zip.co/ https://*.ingest.sentry.io *.stripe.com *.authorize.net ws: api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; plugin-types application/x-shockwave-flash; script-src * 'unsafe-inline' blob:; report-uri https://content-security-policy.jobteaser.com/report 1
default-src 'self'; script-src 'report-sample' 'self' https://www.googletagmanager.com https://auto-dot-marketing-api-proxy-dot-fiber-marketing-staging.appspot.com https://googleads.g.doubleclick.net https://www.gstatic.com https://apis.google.com/ https://maps.googleapis.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.youtube.com https://www.google.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://auto-dot-marketing-api-proxy-dot-fiber-marketing-staging.appspot.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://bid.g.doubleclick.net https://scone-pa.clients6.google.com; img-src 'self' https://adservice.google.com https://1.bp.blogspot.com https://ad.doubleclick.net https://googleads.g.doubleclick.net https://lh3.googleusercontent.com https://maps.gstatic.com https://storage.googleapis.com https://www.google-analytics.com https://www.google.com https://10498832.fls.doubleclick.net https://www.googleadservices.com; manifest-src 'self'; media-src 'self' https://storage.googleapis.com; 1
font-src *.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.cookiebot.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com https://a.klaviyo.com *.youtube.com sumo.com *.sumo.com *.flbx.io *.omtrdc.net 'self' data: *.tomdixon.net *.tomdixontrade.net *.nosto.com *.nos.to 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com polyfill.io https://static.klaviyo.com https://fast.a.klaviyo.com *.getflowbox.com chimpstatic.com *.pcapredict.com *.sumome.com *.sumo.com *.cookiebot.com *.postcodeanywhere.co.uk *.googletagmanager.com *.facebook.com reddit.com *.bufferapp.com *.pinterest.com *.google.com *.gstatic.com *.googleapis.com *.nosto.com *.nos.to 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.bootstrapcdn.com *.postcodeanywhere.co.uk *.googleapis.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com https://static.klaviyo.com https://fast.a.klaviyo.com sumo.com *.postcodeanywhere.co.uk *.google.com *.sumo.com *.amazonaws.com *.demdex.net *.nosto.com *.nos.to 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self'; report-uri  https://q2fp0r1bc6.execute-api.us-west-2.amazonaws.com/csp-reporter 1
default-src 'self' *.hsbc.com.cn 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net; script-src 'self' *.hsbc.com.cn 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net *.sc.omtrdc.net *.tiqcdn.com www.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net www.googleadservices.com www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com; img-src 'self' *.hsbc.com.cn *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net data: *.doubleclick.net *.tealiumiq.com *.sc.omtrdc.net *.everesttech.net www.google.com www.facebook.com bat.bing.com www.google.co.in www.google.com.hk *.twitter.com *.linkedin.com *.day.com *.adsrvr.org pixel.advertising.com s.amazon-adsystem.com *.analytics.yahoo.com t.co www.google.ca www.googleadservices.com www.google.co.uk tr.outbrain.com www.googletagmanager.com *.lpsnmedia.net p.adsymptotic.com; connect-src 'self' *.hsbc.com.cn *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net bat.bing.com *.tt.omtrdc.net *.sc.omtrdc.net *.tealiumiq.com *.siteintercept.qualtrics.com jsonip.com *.tiqcdn.com; script-src-elem 'self' *.hsbc.com.cn 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.sc.omtrdc.net *.lpsnmedia.net *.tiqcdn.com www.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net www.googleadservices.com www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; child-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.lpsnmedia.net *.doubleclick.net www.google.com www.recaptcha.net *.tealiumiq.com *.tiqcdn.com; frame-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.doubleclick.net *.tealiumiq.com www.google.com *.tiqcdn.com *.lpsnmedia.net www.recaptcha.net; frame-ancestors 'self'; upgrade-insecure-requests ; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.googleadservices.com *.doubleclick.net connect.facebook.net bat.bing.com cdn.glassboxcdn.com assets.adobedtm.com www.gstatic.com c1.rfihub.net www.googletagmanager.com www.google-analytics.com c.evidon.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: 20833639p.rfihub.com 20833650p.rfihub.com 20822240p.rfihub.com a.rfihub.com www.google.com spp.incomm.com *.doubleclick.net www.googletagmanager.com 20833641p.rfihub.com 20822241p.rfihub.com api.giftcardimpressions.com www.facebook.com 20824721p.rfihub.com 20824722p.rfihub.com 20824723p.rfihub.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com media.vanillagift.com www.google.ca www.gstatic.com bat.bing.com www.facebook.com www.google.com www.google-analytics.com *.doubleclick.net api.giftcardimpressions.com c.evidon.com l.evidon.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: expressentry.melissadata.net media.vanillagift.com *.omtrdc.net bat.bing.com www.facebook.com *.doubleclick.net c.evidon.com report.incomm.glassboxdigital.io www.google.com www.google-analytics.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; form-action  www.facebook.com www.google.com spp.incomm.com www.vanillagift.com; report-uri /csp_report 1
block-all-mixed-content; upgrade-insecure-requests; default-src 'self'; object-src 'none'; img-src * data:; worker-src 'self' blob:; style-src 'self' https: 'unsafe-inline'; media-src 'self' https://*.llnw.net blob:; font-src 'self' https://*.gstatic.com https://*.fontawesome.com https://*.cloudfront.net data:; frame-src 'self' https://*.msasafety.com https://*.msanet.com https://*.google.com https://*.doubleclick.net https://*.marketo.com https://*.bing.com https://*.hotjar.com https://*.medallia.com https://*.zoho.com https://*.metalocator.com https://*.youtube.com https://*.sierramonitor.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.msasafety.com https://*.scene7.com https://*.pricespider.com https://*.limelight.com https://*.marketo.com https://*.marketo.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.gstatic.com https://*.bing.com https://*.doubleclick.net https://*.loopanalytics.com https://*.hotjar.com https://*.facebook.net https://*.wisepops.com https://*.adobedtm.com https://*.licdn.com https://*.medallia.com https://*.kampyle.com https://*.kickfire.com https://*.simpli.fi https://*.google.com https://*.metalocator.com https://*.pardot.com https://*.mapbox.com https://*.sierramonitor.com https://*.zohostatic.com https://*.usersnap.com https://*.cloudfront.net https://*.youtube.com data:; connect-src 'self' https://*.scene7.com https://*.limelight.com https://*.google-analytics.com https://*.bing.com https://*.mktoresp.com https://*.doubleclick.net https://*.wisepops.com https://*.medallia.com https://*.kampyle.com https://*.msanet.com https://*.hotjar.com https://*.mapbox.com https://*.googlevideo.com https://*.llnw.net; 1
default-src 'self' *.hsbc.co.in 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net; script-src 'self' *.hsbc.co.in 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.lpsnmedia.net *.sc.omtrdc.net *.tiqcdn.com www.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net www.googleadservices.com www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com; img-src 'self' *.hsbc.co.in *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net data: *.doubleclick.net *.tealiumiq.com *.sc.omtrdc.net *.everesttech.net www.google.com www.facebook.com bat.bing.com www.google.co.in www.google.com.hk *.twitter.com *.linkedin.com *.day.com *.adsrvr.org pixel.advertising.com s.amazon-adsystem.com *.analytics.yahoo.com t.co www.google.ca www.googleadservices.com www.google.co.uk tr.outbrain.com www.googletagmanager.com *.lpsnmedia.net p.adsymptotic.com; connect-src 'self' *.hsbc.co.in *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net bat.bing.com *.tt.omtrdc.net *.sc.omtrdc.net *.tealiumiq.com *.siteintercept.qualtrics.com jsonip.com *.tiqcdn.com; script-src-elem 'self' *.hsbc.co.in 'unsafe-eval' 'unsafe-inline' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net *.sc.omtrdc.net *.lpsnmedia.net *.tiqcdn.com www.googletagmanager.com bat.bing.com *.facebook.net *.doubleclick.net www.googleadservices.com www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net *.tt.omtrdc.net *.tealiumiq.com; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com/; child-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.lpsnmedia.net *.doubleclick.net www.google.com www.recaptcha.net *.tealiumiq.com *.tiqcdn.com; frame-src 'self' *.appdynamics.com *.eum-appdynamics.com *.demdex.net *.liveperson.net comshub-msb.marksandspencer.com dev.comshub-msb.marksandspencer.com uat.comshub-msb.marksandspencer.com mcmdev.hsbc.co.uk mcmperf.hsbc.co.uk mcmprod.hsbc.co.uk *.doubleclick.net *.tealiumiq.com www.google.com *.tiqcdn.com *.lpsnmedia.net www.recaptcha.net; frame-ancestors 'self'; upgrade-insecure-requests ; 1
default-src http: 'self' 'unsafe-inline' 'unsafe-eval' scene7.com pinimg.com pinterest.com cquotient.com newrelic.com nr-data.net hotjar.io bazaarvoice.com hotjar.com ugc.bazaarvoice.com *.247-inc.net columbia.com demandware.net inmoment.com zdassets.com onetrust.com zopim.com sspinc.io adobedtm.com 247-inc.net ca.assist.247-inc.net demdex.net curalate.com tt.omtrdc.net 112.2o7.net truefitcorp.com nexus.bazaarvoice.com bluecore.com youtube.com ytimg.com adyen.com paypal.com vimeo.com typekit.net *.typekit.net curations.bazaarvoice.com vimeocdn.com reviews.bazaarvoice.com fit-predictor.net data:; 1
font-src *.sagepay.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.sagepay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.paypal.com *.sagepay.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.sagepay.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sagepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cloudinary.com *.cloudinary.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.adyen.com cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com cloudinary.com *.cloudinary.com data: *.yotpo.com https://a.klaviyo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.adyen.com cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.yotpo.com https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cloudinary.com *.cloudinary.com *.yotpo.com *.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cloudinary.com *.cloudinary.com *.yotpo.com https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'nonce-wehimbhCPBHmcQ4J0eiDAw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://a.klaviyo.com https://t.teads.tv https://p.teads.tv 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com https://static.klaviyo.com https://fast.a.klaviyo.com https://global.sunbrella.com https://cdn.b0e8.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://t.teads.tv https://p.teads.tv 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://fast.a.klaviyo.com https://global.sunbrella.com https://cdn.b0e8.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://t.teads.tv https://p.teads.tv 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: gap: *.klarna.com *.freshchat.com *.vimeo.com *.youtube.com *.whittard.co.uk mention-me.com *.zenaps.com *.sub2tech.com *.gstatic.com *.facebook.com; img-src data: blob: *.demandware.net *.commercecloud.salesforce.com *.amazonaws.com *.googletagmanager.com *.facebook.net *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.whittard.co.uk *.postcodeanywhere.co.uk *.pcapredict.com *.zmags.com *.yotpo.com *.tokywoky.com img.tokywoky.com *.klarnaservices.com *.klarnacdn.net *.mention-me.com *.awin1.com *.dwin1.com bda.bookatable.com i.ytimg.com *.contentsquare.net *.contentsquare.com *.sub2tech.com  *.cloudfront.net *.youtube.com *.vimeo.com bat.bing.com *.zenaps.com *.msgfocus.com *.fbsbx.com *.fbcdn.net graph.facebook.com *.zscloud.net *.googleusercontent.com *.klarnaevt.com i.vimeocdn.com *.surveymonkey.com *.kaltura.com; child-src 'self' blob: *.studentbeans.com *.google.com *.doubleclick.net *.facebook.com *.tokywoky.com *.freshchat.com mention-me.com *.mention-me.com *.klarna.com *.klarnaservices.com bda.bookatable.com *.sub2tech.com *.youtube.com *.vimeo.com *.zenaps.com *.googlesyndication.com *.online-metrix.net *.pagetiger.com *.googletagmanager.com connect.studentbeans.com *.zmags.com *.googleapis.com *.surveymonkey.com *.paperform.co paperform.co *.ordergroove.com *.worldpay.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.postcodeanywhere.co.uk *.pcapredict.com *.bootstrapcdn.com *.myfonts.net cdnjs.cloudflare.com *.yotpo.com *.freshchat.com *.mention-me.com *.sub2tech.com bda.bookatable.com *.zmags.com *.klarnacdn.net *.whittard.co.uk *.ordergroove.com; font-src 'self' data: *.gstatic.com *.g.doubleclick.net *.bootstrapcdn.com *.yotpo.com *.bookatable.com *.zmags.com *.alicdn.com *.klarnacdn.net *.whittard.co.uk *.ordergroove.com *.fontawesome.com; media-src 'self' data: *.facebook.com *.youtube.com *.vimeo.com *.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com *.cquotient.com *.tryzens-analytics.com:12443 *.facebook.net  cdnjs.cloudflare.com cdn.cquotient.com *.googletagmanager.com www.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.dwin1.com *.postcodeanywhere.co.uk *.pcapredict.com *.zmags.com *.z-analytics.net *.yotpo.com *.tokywoky.com *.msecnd.net *.freshchat.com *.klarnaservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net  *.mention-me.com *.worldpay.com bda.bookatable.com bat.bing.com *.contentsquare.net *.contentsquare.com *.sub2tech.com *.yottaa.com *.cloudfront.net *.freshworksapi.com *.zenaps.com *.paypal.com *.paypalobjects.com *.awin1.com *.dwin1.com *.sessioncam.com *.whittard.co.uk *.bootstrapcdn.com *.googlesyndication.com www.google.com *.studentbeans.com onlineerp.solution.quebec widget.surveymonkey.com *.paperform.co paperform.co *.ordergroove.com cdnapisec.kaltura.com; connect-src 'self' *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.tryzens-analytics.com:12280 *.postcodeanywhere.co.uk *.pcapredict.com *.yotpo.com *.tokywoky.com *.klarnauserservices.com *.klarnaservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mention-me.com mention-me.com bda.bookatable.com *.zmags.com *.z-analytics.net *.contentsquare.net *.contentsquare.com *.sub2tech.com *.cloudfront.net *.awin1.com *.dwin1.com *.yottaa.net *.sessioncam.com bat.bing.com *.facebook.com www.facebook.com *.google.com *.facebook.net *.googleapis.com widget.surveymonkey.com *.s3.amazonaws.com *.ordergroove.com *.worldpay.com; manifest-src 'self'; ; report-uri https://0594ebf9e3dab534acdba65c6100b639.report-uri.com/r/d/csp/reportOnly; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=6af1dbfb3c9bd8e06646f735b16e5a7c 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; report-uri https://feld.com?gdsih-csp-report; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdn.appdynamics.com col.eum-appdynamics.com fonts.gstatic.com ajax.googleapis.com www.googleapis.com fonts.googleapis.com use.fontawesome.com www.w3schools.com home.textkernel.nl staging.textkernel.nl www.dropbox.com apis.google.com www.google.com html5shim.googlecode.com media.readspeaker.com s7.addthis.com d2sl310zdnr3q6.cloudfront.net www.google-analytics.com https://apps.knollenstein.com https://appsdev.knollenstein.com font.visma.com *.easycruit.com m.addthis.com api-public.addthis.com flowanalytic.site networkanalytics.xyz knowledge-and-support-center.visma.net m.addthisedge.com apply.indeed.com content.googleapis.com commondatastorage.googleapis.com themes.googleusercontent.com www.googletagmanager.com fast.fonts.net db.onlinewebfonts.com hello.myfonts.net cdnjs.cloudflare.com d1fc8wv8zag5ca.cloudfront.net connect.facebook.net emea3.recruitmentplatform.com tag.goldenbees.fr s.ytimg.com www.findizer.fr webfonts.zohostatic.com platform.linkedin.com zgao.nl cdn.ontame.io *.ziggeo.com *.amazonaws.com api-eu-west-1.ziggeo.com embed-cdn-eu-west-1.ziggeo.com embed-eu-west-1.ziggeo.com assets.ziggeo.com hc-cdn.visma.net cdn.wootric.com production.wootric.com eligibility.wootric.com; img-src * 'unsafe-inline' 'unsafe-eval'; report-uri /ajax/logging/log_csp_report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.fr&source%5Bsection%5D=brochure&source%5Buuid%5D=0d1e57b7cc4d1a39f093ea2c5f7bd2a0 1
script-src 'nonce-tCelD4T4Pi9-UCKNnsbFpQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri /cspreport/static; base-uri 'self' 1
default-src 'self' *.antpedia.com v.antwebinar.com hm.baidu.com m.baidu.com jspassport.ssl.qhimg.com *.google-analytics.com zz.bdstatic.com s.ssl.qhres.com sp0.baidu.com s.360.cn c.mipcdn.com wpa.qq.com res.wx.qq.com mp.weixin.qq.com msite.baidu.com ae.bdstatic.com share.baidu.com bdimg.share.baidu.com *.alicdn.com *.cn-hangzhou.log.aliyuncs.com *.dns-detect.alicdn.com browser.sentry-cdn.com push.zhanzhang.baidu.com po.srf.baidu.com toutong.baidu.com static.bshare.cn cdn.jsdelivr.net sentry.io *.googleapis.com *.cnzz.com api.map.baidu.com *.uc.cn uc.gre *.gstatic.com *.ucweb.com bshare.optimix.cn s2.pstatp.com 'unsafe-inline' 'unsafe-eval'; img-src * data: ; upgrade-insecure-requests; report-uri https://www.antpedia.com/scp-report/index.php;frame-src https://*.qq.com webcompt:; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; media-src https: blob: data:; child-src https: blob:; report-uri https://sentry.io/api/72071/csp-report/?sentry_key=4fb747b409644084ba393c5ab7399d16; 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; script-src 'nonce-db2a5b994a014824b45377501efb6df1' 'unsafe-hashes' 'sha256-1maWi35AZm2eb0SDGUjz4yC0C7VC0PK1u/+qKV3OR14='  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; style-src 'self' 'nonce-db2a5b994a014824b45377501efb6df1'  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com; frame-src https://www.youtube.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=133-2716273-2604650:rid=F87552CAB1D84F7F8E85:sn=www.amazongames.com 1
img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com res.cloudinary.com maps.googleapis.com bat.bing.com www.facebook.com www.googletagmanager.com log.olark.com www.google-analytics.com a.b0e8.com st2.dialogtech.com *.doubleclick.net www.totallylegal.com assets.sunwingtravelgroup.com ct.pinterest.com www.google.ca connect.facebook.net www.google.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.olark.com vars.hotjar.com bsb.widgets.sunwingtravelgroup.com www.facebook.com www.googletagmanager.com sunwing.tfaforms.net www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.olark.com fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com fonts.gstatic.com static.olark.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net knrpc.olark.com www.google.com www.google-analytics.com api.segment.io svhandlerapi.sunwingtravelgroup.com ct.pinterest.com assets.sunwingtravelgroup.com d14i4zuajvt7ma.cloudfront.net vc.hotjar.io services.sunwinggroup.ca am.freshrelevance.com bat.bing.com infoservice.sunwingtravelgroup.com adservice.google.com www.facebook.com res.cloudinary.com ixfd1-api.bc0a.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.olark.com res.cloudinary.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com api.olark.com bsb.widgets.sunwingtravelgroup.com cdnjs.cloudflare.com dkpklk99llpj0.cloudfront.net d31y97ze264gaa.cloudfront.net www.google-analytics.com d81mfvml8p5ml.cloudfront.net www.googletagmanager.com s.pinimg.com cdn.bc0a.com www.google.com static.olark.com maps.googleapis.com www.googleadservices.com script.hotjar.com *.doubleclick.net connect.facebook.net dn1i8v75r669j.cloudfront.net cdn.segment.com static.hotjar.com cdn.b0e8.com knrpc.olark.com st1.dialogtech.com; form-action  www.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; report-uri /csp_report 1
script-src 'unsafe-eval' 'self' fast.fonts.net www.google.com *.googleapis.com *.gstatic.com *.google-analytics.com platform.twitter.com cdn.api.twitter.com syndication.twimg.com *.facebook.net *.newrelic.com bs.serving-sys.com cdn.feedbackify.com www.googleadservices.com s.btstatic.com s.thebrighttag.com; object-src 'self' www.youtube.com maps.googleapis.com; media-src 'self' www.youtube.com; report-uri /flybuys-web/api/csp-report 1
worker-src blob:; font-src *.fontawesome.com *.narvar.com *.narvar.qa https://cdnjs.cloudflare.com *.cloudflare.com *.typekit.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.twitter.com *.youtube.com *.snapchat.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.googletagmanager.com *.facebook.com *.hotjar.com *.twitter.com *.demdex.net *.doubleclick.net *.test.adyen.com *.live.adyen.com https://www.youtube.com *.youtube.com *.vimeo.com *.snapchat.com sketchfab.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.narvar.com *.narvar.qa https://s.ytimg.com *.ytimg.com *.magentocommerce.com *.paypal.com *.cloudfront.net *.amazon.com *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.bigcontent.io *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.emdex.net *.everesttech.net data: *.avada.io *.visualwebsiteoptimizer.com *.bing.com *.facebook.com *.quantserve.com *.doubleclick.net *.google.com *.google.be *.google.co.in *.omtrdc.net *.demdex.net *.eastpak.com https://eastpak.com *.amasty.com http://fulluat-vfc.cs87.force.com *.test.adyen.com *.live.adyen.com blob: *.linksynergy.com *.yvesvanbroekhoven.be *.googletagmanager.com *.adis.ws *.storm.com *.contentsquare.net *.reddit.com *.dc-storm.com *.amplience.net *.pinterest.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com *.avada.io https://cdnjs.cloudflare.com *.google.com *.googletagmanager.com *.googleadservices.com *.hotjar.com *.cookielaw.org *.pingdom.net *.cardinalcommerce.com *.onetrust.com *.facebook.net *.twitter.com *.bing.com *.visualwebsiteoptimizer.com *.authorize.net *.cloudfront.net *.braintreegateway.com *.signifyd.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada-popup.min.js *.quantserve.com *.quantcount.com *.doubleclick.net *.webgains.io *.salesforceliveagent.com *.gstatic.com *.webgains.com https://w-it.m-t.io *.googleapis.com *.test.adyen.com *.live.adyen.com *.vimeocdn.com *.rmtag.com *.contentsquare.net http://smct.co *.ads-twitter.com *.go-mpulse.net *.sc-static.net https://sc-static.net *.redditstatic.com *.pinimg.com *.datadoghq-browser-agent.com *.datadoghq.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa *.adis.ws *.eastpak.com *.amplience.net *.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cookielaw.org *.pingdom.net *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.com *.amazonpay.jp mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.avada-popup.min.js *.emdex.net *.everesttech.net *.doubleclick.net www.google-analytics.com *.avada.io *.visualwebsiteoptimizer.com *.hotjar.com *.paypal.com *.paypalobjects.com *.demdex.net *.hotjar.io *.bing.com *.adyen.com *.test.adyen.com *.live.adyen.com https://www.youtube.com *.youtube.com *.bugsnag.com *.google.co.in *.google.com wss: *.contentsquare.net *.akstat.io *.akamaihd.net *.go-mpulse.net *.google.be *.onetrust.com *.pinterest.com *.datadoghq-browser-agent.com *.datadoghq.eu 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: data: 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://assets.calendly.com; object-src 'none'; frame-ancestors 'self'; report-uri https://escalated.io/code/cspreport 1
font-src fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.adyen.com *.youtube.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.googleadservices.com *.google-analytics.com 'self' data: *.yotpo.com yotpo-stool.s3.amazonaws.com *.doubleclick.net *.google.com *.adyen.com *.postcodeanywhere.co.uk *.youtube.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com polyfill.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.yotpo.com js-agent.newrelic.com *.nr-data.net *.googletagmanager.com *.doubleclick.net *.hotjar.com *.postcodeanywhere.co.uk *.pcapredict.com *.adyen.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com 'self' data: *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.google.com *.yotpo.com *.postcodeanywhere.co.uk yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.yotpo.com *.nr-data.net stats.g.doubleclick.net *.postcodeanywhere.co.uk yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; frame-src https://api-5487f10a.duosecurity.com/ https://www.google.com https://www.youtube.com/ https://static.addtoany.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com/  https://ajax.cloudflare.com/ https://www.google.com/ https://www.google-analytics.com https://www.gstatic.com; report-uri /csp-reports.php 1
font-src *.fontawesome.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action www.facebook.com my.ponant.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src libs.hipay.com media.ponant.com *.youtube.com *.google.com asset.easydmp.net www.facebook.com my.ponant.com wordpress.ponant.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com s.ytimg.com *.ponant.com 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com img.youtube.com *.ytimg.com www.facebook.com d.adroll.com *.google.com *.google.fr bat.bing.com *.linkedin.com *.eloqua.com www.googletagmanager.com 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.youtube.com video.google.com libs.hipay.com mpsnare.iesnare.com cdn.jsdelivr.net maps.googleapis.com *.gstatic.com *.google.com connect.facebook.net js.authorize.net jstest.authorize.net po.ponant.com try.abtasty.com hermes.allo-media.net s.adroll.com d.adroll.com d.adroll.mgr.consensu.org ponant.script.admo.tv *.linkedin.com snap.licdn.com bat.bing.com atout.email-match.com www.googletagmanager.com googleads.g.doubleclick.net asset.easydmp.net *.contentsquare.net *.en25.com statics.apreslachat.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com fonts.gstatic.com fonts.googleapis.com s.adroll.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.ponant.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src stage-data.hipay.com bat.bing.com ponant.script.admo.tv ponant.admo.tv hermes.allo-media.net s.adroll.com ariane.abtasty.com dcinfos-cache.abtasty.com widgets.abtasty.com popin.wibilong.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com data: *.klevu.com *.ksearchnet.com *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com *.klevu.com *.ksearchnet.com https://redchamps.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com *.klevu.com *.ksearchnet.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.klevu.com *.ksearchnet.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/opensource-webmaster 1
font-src *.cloudflare.com *.twitter.com fonts.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.tawk.to 'self' data: maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com js.stripe.com api.razorpay.com *.twitter.com *.google.com *.addthis.com *.doubleclick.net www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: data: *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.co.in *.jsdelivr.net *.google.com *.ccavenue.com *.facebook.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com js.stripe.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.googletagmanager.com embed.tawk.to googleads.g.doubleclick.net cdn.jsdelivr.net *.razorpay.com *.googletagmanager.com *.facebook.net connect.facebook.net twitter.com platform.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jsdelivr.net *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com lumberjack.razorpay.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.tawk.to www.google-analytics.com *.doubleclick.net *.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://magecomp.com/; report-to report-endpoint; 1
default-src * data: ws: wss://evbk.gamooga.com 	wss://ssbk2-uk.gsecondscreen.com fbrpc: https://www.google-analytics.com www.google-analytics.com  https://stats.g.doubleclick.net; img-src *.caratlane.com *.cltstatic.com https: blob: data: android-webview-video-poster: about: www.facebook.com https://www.google-analytics.com www.google-analytics.com  https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com; style-src 'self' 'unsafe-inline' assets.cltstatic.com https://fonts.googleapis.com https://accounts.google.com ht