Values for content-security-policy-report-only:
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 132
default-src https: blob:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data: blob:; media-src https:; object-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob:; report-uri /s/run/cspreport/reportHttp 90
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 83
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport 68
default-src https: 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; img-src 'self' data: *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com assets.digital.cabinet-office.gov.uk; script-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.gstatic.com www.signin.service.gov.uk *.ytimg.com www.youtube.com www.youtube-nocookie.com hmrc-uk.digital.nuance.com 'unsafe-inline'; style-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.gstatic.com 'unsafe-inline'; font-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk data:; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.tax.service.gov.uk hmrc-uk.digital.nuance.com gov.klick2contact.com www.signin.service.gov.uk; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; report-uri https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production 57
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 47
frame-src 'self' *.google.com *.pinimg.com *.pinterest.com *.pinterdev.com *.facebook.com player.grabnetworks.com www.kickstarter.com staging.slideshare.com player.anyclip.com verify.vote.org movieclips.com scache.vevo.com *.adyen.com www.voteplz.org player.hulu.com www.crackle.com www.dailymotion.com cache.vevo.com www.slideshare.net crackle.com embed.5min.com embed.ted.com register.vote.org absentee.vote.org www.crunchyroll.com videoplayer.vevo.com w.soundcloud.com embed-ssl.ted.com *.youtube.com *.ytimg.com player.vimeo.com calendly.com vine.co scache.vevo.com bid.g.doubleclick.net *.fls.doubleclick.net pinterest-waterloo.s3.amazonaws.com pinlogs.s3.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com *.appcues.com *.cdn.ampproject.org; report-uri /_/_/csp_report/?reportonly 36
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 22
default-src 'self' 16
default-src https: data: 'unsafe-inline' 'unsafe-eval' 15
block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 13
13
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 13
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 12
default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 12
default-src 'none';script-src 'self' https://www.getresponse.com https://*.getresponse.com https://*.getresponse.pl https://*.getresponse.ru https://*.hotjar.com https://*.hotjar.io https://tagmanager.google.com https://*.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com;style-src 'self' 'unsafe-inline' https://www.getresponse.com https://*.getresponse.com https://*.getresponse.pl https://*.getresponse.ru https://*.hotjar.com https://*.hotjar.io https://tagmanager.google.com https://fonts.googleapis.com;img-src 'self' https: data: https://www.getresponse.com https://*.getresponse.com https://*.getresponse.pl https://*.getresponse.ru https://*.hotjar.com https://*.hotjar.io https://*.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com;font-src 'self' data: https://www.getresponse.com https://*.getresponse.com https://*.getresponse.pl https://*.getresponse.ru https://*.hotjar.com https://*.hotjar.io https://fonts.gstatic.com;connect-src 'self' https://www.getresponse.com https://*.getresponse.com https://*.getresponse.pl https://*.getresponse.ru https://*.hotjar.com https://*.hotjar.io https://index-log.getresponse.com/ https://www.google-analytics.com https://*.hotjar.com:* wss://*.hotjar.com;frame-src https://www.getresponse.com https://*.getresponse.com https://*.getresponse.pl https://*.getresponse.ru https://*.hotjar.com https://*.hotjar.io https://bid.g.doubleclick.net;base-uri 'self' https://www.getresponse.com https://*.getresponse.com https://*.getresponse.pl https://*.getresponse.ru;manifest-src https://www.getresponse.com https://*.getresponse.com https://*.getresponse.pl https://*.getresponse.ru;prefetch-src 'self' https://www.getresponse.com https://*.getresponse.com https://*.getresponse.pl https://*.getresponse.ru;object-src 'none';form-action 'none';frame-ancestors 'none';upgrade-insecure-requests;report-uri https://index-log.getresponse.com/index/marketing_csp 9
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://latkbu9mql.execute-api.us-east-1.amazonaws.com/default/checkCSP 9
frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 9
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.initial-website.com/app/reporting/policyviolation/submit 9
frame-ancestors 'self'; report-uri /beacon/csp.php 8
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=cmscache 8
default-src 'self' https: wss: data: blob: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 8
default-src 'self'; connect-src 'self' https://*.intentmedia.net https://*.etraveligroup.net https://*.doubleclick.net https://*.adform.net https://www.google-analytics.com https://widgets.hotels.com https://bat.bing.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.etraveli.com https://*.etraveligroup.com https://*.cdn-net.com https://bat.bing.com https://www.googletagmanager.com https://connect.facebook.net https://adtr.io https://*.bidr.io https://tag.yieldoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.intentmedia.net https://*.adform.net https://*.mouseflow.com https://*.nrich.ai https://*.doubleclick.net https://*.eancdn.com https://*.bidswitch.net https://green.erne.co https://*.rentalcars.com https://widget.trustpilot.com https://www.googleadservices.com https://cdn.klarna.com https://maps.googleapis.com https://widget.getyourguide.com https://widgets.hotels.com https://*.klarnacdn.net; style-src 'self' 'unsafe-inline' data: blob: https://widgets.hotels.com https://fonts.googleapis.com; img-src 'self' data: https://*.etraveli.com https://*.visualwebsiteoptimizer.com https://*.bidswitch.net https://*.doubleclick.net https://*.nrich.ai https://*.hybrid.ai https://*.w55c.net https://*.adsrvr.org https://*.rlcdn.com https://*.bidr.io https://*.seadform.net https://green.erne.co https://tag.yieldoptimizer.com https://dpm.demdex.net https://*.adform.net https://*.zemanta.com https://beacon.krxd.net https://sd.turn.com https://*.google-analytics.com https://maps.googleapis.com https://tag.adaraanalytics.com https://www.facebook.com https://widgets.hotels.com https://bat.bing.com https://www.google.com https://www.google.se https://maps.gstatic.com https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com https://widgets.hotels.com; frame-ancestors 'self'; frame-src 'self' https://*.cdn-net.com https://*.cdn.intentmedia.net https://www.facebook.com https://widget.getyourguide.com https://system.etrack1.com https://widgets.hotels.com https://secure.rentalcars.com https://widget.trustpilot.com; object-src 'self' https://*.cdn-net.com; report-to https://9dd511763dedf2c3aad76bd2b849c630.report-uri.com/r/d/csp/reportOnly; report-uri https://9dd511763dedf2c3aad76bd2b849c630.report-uri.com/r/d/csp/reportOnly; 8
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://studio.digital.vistaprint.com/csp/report/published 8
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 8
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline'; frame-ancestors 'self'; img-src https: data: ; object-src 'none' ; report-uri https://sentry.uniregistry.com/api/18/security/?sentry_key=f430f663325b402bbc96cb5da277ab92 ; 7
default-src 'unsafe-inline' 'unsafe-eval' https: wss: blob: ms-appx-web: data:; report-uri /report-violation 7
default-src 'self' blob:; child-src: 'self' blob:; script-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net cdn.cookielaw.org assets.adobedtm.com players.brightcove.net img.en25.com vjs.zencdn.net www.automation.siemens.com w3.siemens.com profiles.siemens.com; style-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net profiles.siemens.com; img-src 'self' data: assets.new.siemens.com maps.siemens.com metrics.brightcove.com brightcove04pmdo-a.akamaihd.net cf-images.eu-west-1.prod.boltdns.net cf-images.us-east-1.prod.boltdns.net siemens.sc.omtrdc.net track.adform.net s2033604275.t.eloqua.com cdn.cookielaw.org cookies.siemens.com; font-src 'self' data: tools.adlytics.net; connect-src 'self' search.new.siemens.com w3.siemens.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net *.demdex.net tools.adlytics.net cdn.cookielaw.org dmp.adform.net metrics.brightcove.com edge.api.brightcove.com secure.brightcove.com *.media.brightcove.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.fortbildung.siemens.com profiles.siemens.com searchapi.new.siemens.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; media-src 'self' assets.new.siemens.com secure.brightcove.com *.media.brightcove.com blob: manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com; worker-src 'self' 'unsafe-inline' blob:; object-src players.brightcove.net; block-all-mixed-content; reflected-xss block; base-uri 'self'; referrer origin-when-cross-origin; report-uri https://report-uri.dc.siemens.com/ 7
default-src * 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; script-src *  'self' 'unsafe-inline' 'unsafe-eval' s798535241.t.eloqua.com/ s1343588892.t.eloqua.com www.youtube.com *.brightcove.net  s.ytimg.com vjs.zencdn.net/  img.en25.com players.brightcove.net/ e.issuu.com www.gstatic.com/ *.google.com *.visma.chat *.episerver.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaw s.com d3dc1lgancj6l0.cloudfront.net www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com optimize.google.com static.hotjar.com static.hotjar.com script.hotjar.com api.cludo.com customer.cludo.com api-eu1.cludo.com/ chat.kindlycdn.com; style-src * 'self' 'unsafe-inline' *.episerver.net optimize.google.com fonts.googleapis.com; img-src * 'self' data: s798535241.t.eloqua.com/ s1343588892.t.eloqua.com cf-images.eu-west-1.prod.boltdns.net *.brightcove.net *.brightcove.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net script.hotjar.com script.hotjar.com www.googletagmanager.com www.googletagmanager.com www.google-analytics.com optimize.google.com static.kindlycdn.com; frame-ancestors 'self' www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net; worker-src  'self' blob: *.hotjar.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net; connect-src  'self' blob: statistics-dot-calconic-app.appspot.com app.calconic.com api.cludo.com bcovlive-a.akamaihd.net s798535241.t.eloqua.com s1343588892.t.eloqua.com manifest.prod.boltdns.net/ house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.brightcove.net metrics.brightcove.com *.brightcove.com se.api4load.com api.instagram.com hooks.zapier.com www.lyyti.fi widget.trustpilot.com s7.addthis.com/ embedv3.upseller.cloud www.varaaheti.fi api.giosg.com data.brreg.no/ wss://widget-mediator.zopim.com *.google.com teamup.com *.visma.no/ *.zendesk.com translate.googleapis.com rekry.saima.fi www.verkkopasseli.fi/ sheets.googleapis.com wss://nexus-websocket-a.intercom.io *.tawk.to *.sharethis.com spreadsheets.google.com service.giosg.com adservice.google.com ekr.zdassets.com service.giosg.com/api api-iam.intercom.io www.facebook.com/ api.beelert.com img.en25.com www.optimalworkshop.com www.teamjumbovisma.com/ www.teamjumbovisma.nl/ *.siteimprove.com *.kindly.ai *.pusher.com wss://ws-eu.pusher.com wss://ws-eu.pusher.com:443 wss://sage.kindly.ai docs.google.com stats.g.doubleclick.net *.doubleclick.net ipapi.co/json/ *.juicer.io *.puzzel.com *.hotjar.com:* *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com *.visma.chat www.youtube-nocookie.com www.youtube.com wss://umd.userlike.com umd.userlike.com api.userlike.com www.google-analytics.com *.visma.com *.visma.net; font-src  'self' data: cdn.faceworks.nl themes.googleusercontent.com  cdnjs.cloudflare.com/ajax/libs/font-awesome maxcdn.bootstrapcdn.com/bootstrap  static3.avast.com *.cloudfront.net dq4irj27fs462.cloudfront.net static-v.tawk.to  js.intercomcdn.com d3dc1lgancj6l0.cloudfront.net script.hotjar.com script.hotjar.com *.juicer.io fonts.gstatic.com font.visma.com *.visma.com *.visma.net *.opic.com; frame-src  'self' s798535241.t.eloqua.com s1343588892.t.eloqua.com  e.issuu.com tpc.googlesyndication.com m00-mg-local.idp.funktionstjanster.se s7.addthis.com/ embed.upseller.cloud app.calconic.com www.youtube.be *.soundcloud.com www.googletagmanager.com teamup.com secure.myshopcouponmac.com service.securesrv12.com vismamamut.typeform.com dreambroker.com va.tawk.to meetings.hubspot.com *.clients.giosgusercontent.com gateway.zscloud.net vimeo.com ekrav.vismacollectors.se vimeo.com c.sharethis.mgr.consensu.org sites.legaonline.se c1.adform.net maps.google.no pixel.mathtag.com *.doubleclick.net  www.facebook.com player.vimeo.com online.superoffice.com kursus.bluegarden.dk *.visma.chat *.liveleader.com *.liveleader.eu *.visma.com *.visma.net *.google.com optimize.google.com vars.hotjar.com www.youtube-nocookie.com www.youtube.com  api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.easymapmaker.com/ widget.trustpilot.com widget.trustpilot.com; media-src  'self' blob: bcovlive-a.akamaihd.net *.brightcovecdn.com manifest.prod.boltdns.net *.brightcove.com static.zdassets.com embedv3.upseller.cloud chat.puzzel.com js.intercomcdn.com www.snapengage.com dq4irj27fs462.cloudfront.net d3dc1lgancj6l0.cloudfront.net *.cloudfront.net; object-src  'self' www.snapengage.com; report-uri https://paxil3koxi.execute-api.eu-central-1.amazonaws.com/prod/report; 7
report-uri /report-csp-violation 7
block-all-mixed-content; report-uri https://mol.report-uri.io/r/default/csp/reportOnly 6
default-src https: 'unsafe-inline' data: 6
default-src https: 'unsafe-inline' 'unsafe-eval' 6
default-src https:; child-src https: blob:; connect-src https: wss: data:; font-src https: data:; frame-src https:; img-src https: data:; media-src https: blob:;  object-src https:;  worker-src https: blob:;  script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri /app/api/cspViolation; 6
default-src 'self' blob:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://themes.googleusercontent.com https://wcdn.3cx.com https://d20hvw4zeymqbm.cloudfront.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wcdn.3cx.com https://www.googletagmanager.com https://d20hvw4zeymqbm.cloudfront.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com  https://login.3cx.com	 https://www.google-analytics.com https://ct.capterra.com tpc.googlesyndication.com pagead2.googlesyndication.com https://ssl.geoplugin.net https://services.3cx.com https://ajax.googleapis.com https://connect.facebook.net https://maps.googleapis.com www.gstatic.com;object-src 'none';img-src * data: blob:;connect-src 'self' https://wcdn.3cx.com https://webapi.3cx.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net sipcy.3cx.com www.facebook.com translate.googleapis.com;child-src 'self' https://www.youtube.com; frame-src 'self' https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://www.googletagmanager.com; block-all-mixed-content; report-uri /csp/; 6
script-src 'report-sample' 'unsafe-inline' https: http:;report-uri /_/PlayStoreUi/cspreport 6
script-src 'self' *.cloudflare.com *.marketo.net *.googleoptimize.com *.google-analytics.com *.googletagmanager.com *.onetrust.com *.cloudflarestream.com *.zendesk.com *.videodelivery.net cdn.bizible.com d2c7xlmseob604.cloudfront.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' d.adroll.com/ipixel/* cdn.bizible.com www.google.com/ads/ga-audiences *.cloudflare.com di.rlcdn.com; worker-src 'self' *.cloudflare.com blob: 5
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 5
child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/ 5
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 5
base-uri 'self'; frame-src https:; object-src 'none';	 worker-src 'self';	 default-src 'self' https://*.googlesyndication.com; img-src 'self' data: http: https:; connect-src 'self' https://*.google-analytics.com/ https://*.facebook.com https://*.ioam.de https://*.taboola.com https://translate.googleapis.com https://*.doubleclick.net https://eum-eu-west-1.instana.io wss://mpsnare.iesnare.com https://logx.optimizely.com/v1/events https://www.eharmony.com/lane/ https://s7.addthis.com/l10n/ https://eharmony-app.quantummetric.com/ https://yoast.com/feed/widget/ https://m.addthis.com https://*.googlesyndication.com https://connect.facebook.net https://*.usercentrics.eu ; font-src data: 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://assets.squarespace.com/universal/fonts/ https://static.squarespace.com/universal/fonts/ ; script-src https: 'report-sample' 'unsafe-inline' 'unsafe-eval' data: 'self' https://*.custhelp.com https://*.ioam.de; style-src 'self' 'unsafe-inline' https://www.parship.com https://*.custhelp.com https://fonts.googleapis.com https://partnerboerse.parship.de https://translate.googleapis.com https://assets.eharmony.com https://assets.eharmony.com.au https://assets.eharmony.co.uk https://assets.eharmony.ca https://s.po.st/static/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://static1.squarespace.com/static/sitecss/ ; media-src 'self' data: https://mpsnare.iesnare.com https://assets.eharmony.com/files/us/images/careers/ https://www.googleapis.com/youtube/; prefetch-src 'self' https://*.googlesyndication.com/safeframe/; frame-ancestors 'self'; report-uri /ls/?reportOnly=true 5
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://1yl2eds5mhyzuzjhwlcikwnp.httpschecker.net/report 5
default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/app 5
frame-src self *.arcgames.com *.adyen.com www.google.com *.cdn.optimizely.com *.doubleclick.net *.youtube.com www.googletagmanager.com www.facebook.com; report-uri https://www.arcgames.com/en/report/enforce; 5
default-src 'unsafe-inline' 'unsafe-eval' data: https: wss:; report-uri https://shk.betfair.com/csp 5
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 5
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 5
default-src 'none'; connect-src 'self' www.linkedin.com www.google-analytics.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; script-src 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src dms.licdn.com; child-src blob: *; frame-src 'self' lnkd.demdex.net linkedin.cdn.qualaroo.com; manifest-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=g 4
frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 4
report-uri /ab/csp/index; report-to csp-endpoint 4
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; connect-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: https://sentry.eff.org/api/2/store/; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 4
default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 4
default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data:;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://9s5nwozqcb.execute-api.eu-north-1.amazonaws.com/prod/sitemailalerts 4
connect-src *;frame-src *;img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension: http://*.rackcdn.com http://*.tumblr.com http://huaban.com;worker-src blob:;script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri /log/csp 4
default-src 'self';script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://conv.indeed.com https://snap.licdn.com https://*.hotjar.com https://use.typekit.com https://www.google-analytics.com https://*.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://s.ytimg.com https://www.youtube.com https://*.assets-yammer.com https://*.typekit.net https://*.typekit.com https://menu.epam.com https://googleads.g.doubleclick.net https://vk.com https://*.adform.net https://res.wx.qq.com https://t.visitorqueue.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com;connect-src 'self' https://*.hotjar.com https://www.google-analytics.com https://mc.yandex.ru https://*.hotjar.io https://www.google.com https://www.youtube.com wss://menu.epam.com https://*.typekit.net https://*.typekit.com https://www.facebook.com https://stats.g.doubleclick.net https://a.visitorqueue.com;frame-src 'self' https://vars.hotjar.com https://www.facebook.com https://www.google.com https://www.youtube.com https://mc.yandex.ru https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.by https://www.google.com https://*.epam.com https://*.yammer.com https://login.microsoftonline.com https://vk.com;img-src 'self' * data: blob: about: android-webview-video-poster:;font-src 'self' data: https://*.typekit.net https://*.typekit.com https://fonts.gstatic.com;report-uri /services/csp/report 4
script-src 'self' 4
default-src 'self' 'unsafe-inline' ;script-src data: 'self' 'unsafe-inline' 'unsafe-eval' static.cloud.coveo.com *.r42tag.com *.usabilla.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl www.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com cdnjs.cloudflare.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl celebrus.fbto.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com;img-src data: blob: 'self' *.svtrd.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.google-analytics.com  *.onmarc.nl ssl.google-analytics.com www.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl www.prolife.nl stats.g.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net;connect-src 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net www.google-analytics.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl;object-src 'self' ;child-src 'self' t.svtrd.com player.vimeo.com youtube-nocookie.com www.youtube-nocookie.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl;manifest-src 'self' ;block-all-mixed-content; 4
script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.google-analytics.com https://*.moatads.com https://*.addthis.com https://*.doubleclick.net https://*.addthisedge.com https://*.newrelic.com https://*.nr-data.net https://*.googlevideo.com https://*.arcgis.com https://*.gov.uk https://*.facebook.com; frame-src 'self' https://*.addthis.com https://*.youtube.com https://www.googletagmanager.com https://*.arcgis.com; report-uri https://snhwebsite.report-uri.com/r/d/csp/reportOnly 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://platform.twitter.com https://plusone.google.com https://facebook.com https://platform.twitter.com https://apis.google.com https://www.google-analytics.com https://secure.gravatar.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com https://www.google.com https://use.fontawesome.com https://stats.wp.com https://s0.wp.com https://ajax.googleapis.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://secure.gravatar.com; img-src 'unsafe-inline' 'self' https://pixel.wp.com https://www.google-analytics.com https://stats.g.doubleclick.net data:; font-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://use.fontawesome.com https://fonts.gstatic.com https://wordpress.com data:; frame-src 'self' https://www.google.com; 4
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4
default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 3
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: https: blob: android-webview-video-poster: android-webview: chrome-extension: moz-extension: ms-browser-extension: about: 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://variety.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 3
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com 'self';  frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com;report-uri https://csp.surveymonkey.com/report?e=false&c=prod&ar=true&a=wufoocms 3
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::APROD_AWS_2_8_X 3
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 3
default-src 'self'; frame-ancestors 'self' *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de; frame-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de streaming.talk42.de app.datawrapper.de datawrapper.dwcdn.net 'self'; style-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://cdn.leafletjs.com/leaflet/v0.7.7/ https://cdnjs.cloudflare.com/ajax/libs/leaflet.markercluster/0.4.0/ 'unsafe-inline'; img-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de data: 'unsafe-inline'; script-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com/player/ https://www.youtube.com https://s.ytimg.com/yts/jsbin/ https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/ https://vjs.zencdn.net/5.9.2/ 'unsafe-inline'; font-src *.bundesregierung.de *.bundeskanzlerin.de *.deutschland-kann-das.de *.deutscher-kurzfilmpreis.de *.eu-gleichbehandlungsstelle.de *.integrationsbeauftragte.de *.bund.de *.open-government-deutschland.de *.nationaler-aktionsplan-integration.de *.70jahregrundgesetz.de *.dieglorreichen17.de https://ssl.p.jwpcdn.com data: 'self'; media-src *.bundesregierung.de 'self'; 3
default-src 'self' 'unsafe-inline' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.drift.com *.driftt.com *.kinstacdn.com api.intellimize.co www.google-analytics.com www.instagram.com www.googleadservices.com *.quoracdn.net www.google.com *.googleapis.com snap.licdn.com googleads.g.doubleclick.net rum-static.pingdom.net *.wistia.com *.wistia.net api.greenhouse.io cdn.segment.com https://cdn.split.io cdn.madkudu.com cdn.bizible.com ga.clearbit.com app-sj27.marketo.com widget.drift.com *.jquery.com https://www.google-analytics.com https://www.googletagmanager.com *.quora.com *.hsforms.com *.hsforms.net munchkin.marketo.net s.adroll.com d.adroll.mgr.consensu.org d.adroll.com *.facebook.net static.ads-twitter.com *.twitter.com twitter.com *.6sc.co *.dca0.com *.twimg.com tpc.googlesyndication.com use.typekit.net drift.referralrock.com gateway.on24.com; img-src 'self' 'unsafe-inline' data: * ; report-uri https://o13824.ingest.sentry.io/api/5269096/security/?sentry_key=e9bb6faf1b4c4ce1927908a451904d1d 3
default-src 'self' data: 'unsafe-inline' https://*.tuev-sued.de https://www.tuvsud.com https://cdn.cookielaw.org/ https://privacyportal-eu.onetrust.com/ https://fast.fonts.net https://*.gstatic.com https://*.googleapis.com/ https://www.googletagmanager.com/a https://www.google-analytics.com/ https://www.google.com https://www.google.com.sg https://*.g.doubleclick.net/ https://hm.baidu.com/ https://www.facebook.com/ https://hello.myfonts.net/ https://px.ads.linkedin.com https://p.adsymptotic.com/ https://bat.bing.com/ https://t.co https://track.hubspot.com https://*.hotjar.com https://vc.hotjar.io wss://*.hotjar.com https://safetyfirst.podigee.io/ https://cdn.podigee.com/; object-src 'none' ; frame-src  https://*.tuev-sued.de https://mail.tuv-sud.com https://apps.tuv-sud.in https://js.driftt.com/ https://www.facebook.com https://www.youtube.com https://portal.tuv-sud.cz/ https://embed.kfztermin.com/ https://app.sendnode.com https://backend.spapps.tuev-sued.com/ https://bid.g.doubleclick.net https://netdocx.netinform.de https://softwareservice.netinform.de https://tuvsud.loki.media https://vars.hotjar.com https://www.autoevaluacioncompliancetuvsud-prod.es https://www.google.com https://www.objektbrief.de https://www.safer-shopping.de https://safetyfirst.podigee.io/ https://cdn.podigee.com/ https://app.itrivio.cz/tuv-sud/ madeforchina.tuv-sud.cn e.issuu.com https://ap-apps.tuev-sued.com/ https://academy.tuv-sud-psb.sg/ https://forms.tuv-sud.jp https://www.eventbrite.co.uk https://academy.tuv-sud-america.com/ https://tuvsud-dev.loki.media/ ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://*.tuev-sued.de/ https://www.tuvsud.com/ https://hm.baidu.com/ https://js.driftt.com/ https://analytics.twitter.com/ https://bat.bing.com/ https://connect.facebook.net/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/ https://js.hs-scripts.com/ https://www.google-analytics.com/ https://www.google.com/pagead/ https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://maps.googleapis.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://s.ytimg.com/ https://www.youtube.com/iframe_api https://cdn.podigee.com/ https://b92.yahoo.co.jp/ e.issuu.com https://www.eventbrite.co.uk 3
default-src 'self'; img-src 'self' data: https:; object-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com www.google.com/jsapi *.facebook.net *.facebook.com *.recaptcha.net *.gstatic.com; connect-src 'self' sentry.io 3
default-src 'none'; connect-src 'self' www.linkedin.com www.google-analytics.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; script-src 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src dms.licdn.com *.lynda.com; child-src blob: lnkd-communities: voyager: *; frame-src 'self' https://www.youtube.com/embed/ https://www.youtube-nocookie.com/embed/ lnkd.demdex.net https://smartlock.google.com/ https://accounts.google.com/ linkedin.cdn.qualaroo.com player.vimeo.com; manifest-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=gm 3
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; worker-src blob:; report-uri /csp-report 3
default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; report-uri /error/js; img-src 'self' https: data:; 3
connect-src 'self' logx.optimizely.com *.optimizely.com *.maginfrastructure.com www.google-analytics.com capture.trackjs.com www.facebook.com stats.g.doubleclick.net *.holidayextras.co.uk serve.vdopia.com/adserver/html5/inwapads https://*.hotjar.com:* wss://*.hotjar.com https://*.hotjar.io performance.typekit.net https://ssp.lkqd.net/ad *.springserve.com vid.pubmatic.com adservice.google.com google.com/csi https://evtvpaid.bfmio.com reachms.bfmio.com/getmu ads.contextweb.com/TagPublish/getvideo.aspx s3-eu-west-1.amazonaws.com/live-climate magairportlimited.nanorep.co *.boldchat.com wss://websocket-eu.bold360.com;frame-src 'self' *.optimizely.com *.fls.doubleclick.net vars.hotjar.com www.googletagmanager.com www.facebook.com www.thetrainline.com www.google.com servedby.flashtalking.com airporttransfers.eastmidlandsairport.com ebooker.arrowprivatehire.co.uk www.rentalcars.com airporttransfers.manchesterairport.co.uk travelmoney.travelex.co.uk imasdk.googleapis.com/js/core/bridge3.274.0_en.html vcc-eu2.8x8.com https://id.manchesterairport.co.uk https://id.eastmidlandsairport.com https://id.stanstedairport.com *.maginfrastructure.com;img-src 'self' cdn.optimizely.com assets.live.web.maginfrastructure.com live-webadmin-media.s3.amazonaws.com live-mag-web-assets.s3.eu-west-1.amazonaws.com test-webadmin-media.s3.amazonaws.com s3-eu-west-1.amazonaws.com www.google-analytics.com nova.collect.igodigital.com www.facebook.com usage.trackjs.com p.typekit.net mag-retail-media-live.s3.amazonaws.com bat.bing.com pixel.quantserve.com *.g.doubleclick.net t.co www.google.com www.google.co.uk *.cpx.to *.adnxs.com *.avocet.io p.travelsmarter.net image2.pubmatic.com scontent.cdinstagram.com tag.yieldoptimizer.com idsync.rlcdc.com pixel.rubiconproject.com ad.yieldlab.net/m tag.adaraanalytics.com rtb.gumgum.com/usersync ik.imagekit.io i.ytimg.com www.google.ie www.googletagmanager.com about: data: vcc-eu2.8x8.com images-eu.boldchat.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.optimizely.com https://www.googletagmanager.com www.googletagservices.com www.google-analytics.com www.google.com cdn.trackjs.com static.hotjar.com script.hotjar.com 10959453.collect.igodigital.com/collect.js cdn3.optimizely.com connect.facebook.net tag.yieldoptimizer.com use.typekit.net inpref.s3.amazonaws.com securepubads.g.doubleclick.net platform.twitter.com *.cpx.to rules.quantcount.com static.ads-twitter.com analytics.twitter.com www.gstatic.com adservice.google.co.uk adservice.google.com secure.quantserve.com bat.bing.com *.doubleclick.net www.googleadservices.com vcc-eu2.8x8.com https://id.manchesterairport.co.uk https://id.eastmidlandsairport.com https://id.stanstedairport.com https://www.youtube.com https://s.ytimg.com *.maginfrastructure.com *.google.ie polyfill.io *.boldchat.com magairportlimited.nanorep.co;style-src 'self' 'unsafe-inline' static.tacdn.com www.surveygizmo.eu fonts.googleapis.com data:; report-uri https://webevo.report-uri.com/r/d/csp/reportOnly 3
default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 3
report-uri https://csp.edipresse.pl/report/polki; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset: 3
default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://maps.google.com https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-src 'self' https://charts3.equitystory.com https://socialcloud.bertelsmann.com https://www.youtube.com https://*.rtl.de; connect-src 'self' wss://*.bertelsmann.de https://www.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://edgecdnhd2-vh.akamaihd.net 3
default-src 'none'; connect-src 'self' www.linkedin.com content.linkedin.com lnkd.demdex.net dpm.demdex.net www.google-analytics.com; img-src data: blob: *; font-src data: *; frame-src 'self' www.linkedin.com lnkd.demdex.net www.youtube-nocookie.com platform.twitter.com www.facebook.com plusone.google.com play.vidyard.com www.slideshare.net; style-src https: 'unsafe-inline' *.licdn.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.licdn.com www.linkedin.com content.linkedin.com platform.linkedin.com *.ads.linkedin.com lnkd.demdex.net *.salesforceliveagent.com sb.scorecardresearch.com sjs.bizographics.com bcvipva02.rightnowtech.com; frame-ancestors 'self'; report-uri https://www.linkedin.com/lite/contentsecurity?f=ms 3
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' *.experteer.com gap://ready https:; font-src 'self' *.experteer.com fonts.gstatic.com https: data: 'unsafe-inline'; img-src 'self' *.experteer.com https: data: 'unsafe-inline'; object-src 'self'; script-src 'self' *.experteer.com www.google-analytics.com script.crazyegg.com www.linkedin.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.experteer.com https: 'unsafe-inline'; connect-src 'self' *.experteer.com https: wss://ws.inspectlet.com www.google-analytics.com; report-uri https://www.experteer.com/csp_violation_notifications 3
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 3
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnly 3
; report-uri https://.report-uri.com/r/d/csp/reporting 3
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: gap://ready; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src 'self' data: https:; report-uri https://thedatinglab.report-uri.com/r/d/csp/reportOnly 3
frame-ancestors 'self'; report-uri /stf/reportiframe 3
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src *.adlooxtracking.com *.adsafeprotected.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; script-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.odnoklassniki.ru *.serving-sys.com *.vk.com an.yandex.ru cdn.ampproject.org cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandex.ru yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; connect-src *.adlooxtracking.com *.adsafeprotected.com *.criteo.com *.doubleverify.com *.imgsmail.ru *.mail.ru *.moatads.com *.mradx.net *.serving-sys.com an.yandex.ru cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org jstracer.yandex.ru mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru strm.yandex.ru yandex.ru yandex.st yastat.net yastatic.net; img-src data: blob: *; media-src *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.strm.yandex.ru *.vk.com *.yandex.net coubsecure-s.akamaihd.net data: mail.ru ok.ru strm.yandex.ru vk.com yandex.ru yandex.st yastat.net yastatic.net; style-src *.imgsmail.ru *.mail.ru *.mradx.net blob: cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org yandex.st yastat.net yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src *.imgsmail.ru *.mail.ru *.mradx.net an.yandex.ru blob: data: https: yastat.net yastatic.net 'self'; frame-src *.criteo.com *.doubleclick.net *.doubleverify.com *.mail.ru *.mradx.net *.ok.ru *.vk.com *.yandex.ru *.yandexadexchange.net awaps.yandex.net mail.ru mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.md mc.yandex.ru mc.yandex.ua mc.yandex.uz ok.ru vk.com yandexadexchange.net yastat.net yastatic.net; report-uri https://cspreport.mail.ru/splash?v=10.08.20; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: ; report-uri https://reports.baidu.com/csp-report 2
child-src 'self'; connect-src 'self'; default-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_e73fb7e8df692e7b18fe970086102aaa 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.digitaltrends.com/collector/nr.php?ctx=csp-violation 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /esaondemand/csp2.php 2
default-src 'unsafe-inline' 'unsafe-eval' * data: blob:; report-uri https://sentry.io/api/1312882/security/?sentry_key=9e854fd5af164d1e98cee1bedb942a22 2
frame-ancestors 'self' https://*.twilio.com https://www.twilio.com;report-uri https://www.twilio.com/console/api/cspr 2
media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline'  'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 2
object-src 'none'; block-all-mixed-content; frame-ancestors 'none'; report-uri https://sentry.io/api/148442/security/?sentry_key=48196e632bb14305ad3fe47c6570e363 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: https: www.google.com tags.tiqcdn.com secure.insightexpressai.com browser-update.org *.newrelic.com *.nr-data.net api.swiftype.com onqblog.disqus.com a.disquscdn.com platform.twitter.com snapdragonblog.disqus.com 3642644.fls.doubleclick.net 'sha256-/3jsvuZODfJI1Eg99StI7HtPfGc1mT2ElQZ8nHDbQbM='; object-src https://metrics.brightcove.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: www.qualcomm.com pt-corpmktg.qualcomm.com qualcomm.sc.omtrdc.net sb.scorecardresearch.com metrics.brightcove.com *.nr-data.net analytics.twitter.com t.co controller.4seeresults.com events.foreseeresults.com insight.adsrvr.org; media-src 'self' blob: https: secure.brightcove.com; frame-src 'self' https: www.youtube.com disqus.com 3642644.fls.doubleclick.net www.juicer.io; font-src 'self' data: https: vjs.zencdn.net; connect-src 'self' https: *.nr-data.net links.services.disqus.com; report-uri /admin/config/system/seckit/csp-report 2
frame-ancestors 'self' *.hudl.com *.youtube.com *.sendtonews.com *.cbssports.com *.247sports.com *.scout.com *.ampproject.org *.amp.cloudflare.com; default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https:; report-uri https://cbsi.report-uri.io/r/default/csp/reportOnly 2
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' www.sentry.dev www.googletagmanager.com www.google-analytics.com js.hs-analytics.net js.hs-scripts.com js.driftt.com connect.facebook.net assets.calendly.com js.hsforms.net js.hs-banner.com forms.hsforms.com player.vimeo.com cdn.optimizely.com www.redditstatic.com m.servedby-buysellads.com; connect-src 'self' sentry.io www.sentry.dev reload.getsentry.net api.amplitude.com logx.optimizely.com rum.optimizely.com; img-src 'self' www.sentry.dev sentry-blog.storage.googleapis.com images.ctfassets.net www.google-analytics.com stats.g.doubleclick.net track.hubspot.com assets.calendly.com forms.hsforms.com q.quora.com alb.reddit.com www.facebook.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' www.sentry.dev assets.calendly.com fonts.googleapis.com; media-src 'self' videos.ctfassets.net; font-src 'self' www.sentry.dev fonts.gstatic.com; frame-src player.vimeo.com www.youtube-nocookie.com js.driftt.com calendly.com a17258894091.cdn.optimizely.com; manifest-src 'self' www.sentry.dev; report-uri https://sentry.io/api/1297627/security/?sentry_key=e811b9077ef64dcf8a279ec18a61b222 2
default-src 'none'; connect-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; form-action 'self'; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' data: https://anthro.amnh.org https://event.yoochoose.net https://p.typekit.net https://ssl.gstatic.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com; media-src 'self' https://media.amnh.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.js http://www.google.com/coop/cse/brand https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js https://anthro.amnh.org/inc_img1.js https://cdn.yoochoose.net/yc.js https://cdnjs.cloudflare.com/ajax/libs/gsap/1.11.1/TweenLite.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/1.11.1/easing/EasePack.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/1.11.1/plugins/CSSPlugin.min.js https://collector-2328.tvsquared.com/tv2track.js https://connect.facebook.net/en_US/all.js https://connect.facebook.net/en_US/fbevents.js https://fullstory.com/s/fs.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1058843650/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/810443679/ https://nexus.ensighten.com/choozle/6327/Bootstrap.js https://platform.twitter.com/widgets.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflPBjLfx/www-widgetapi.js https://secure.quantserve.com/quant.js https://static.ads-twitter.com/uwt.js https://translate.google.com/translate_a/element.js https://translate.googleapis.com/element/TE_20190506_00/e/js/element/element_main.js https://translate.googleapis.com/element/TE_20190724_00/e/js/element/element_main.js https://translate.googleapis.com/translate_a/l https://translate.googleapis.com/translate_static/js/element/main.js https://use.typekit.net/uon2mtr.js https://use.typekit.net/wlt2zdx.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.youtube.com/iframe_api; style-src 'self' 'unsafe-inline' https://cloud.typography.com/6642712/7002572/css/ https://fonts.googleapis.com/ https://translate.googleapis.com/translate_static/css/ 2
default-src 'self' 'unsafe-inline' *.fca.org.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.facebook.net www.googleadservices.com siteimproveanalytics.com *.siteimproveanalytics.io *.twitter.com *.jquery.com *.nr-data.net *.newrelic.com static.ads-twitter.com js.adsrvr.org *.doubleclick.net *.fca.org.uk; img-src 'self' 'unsafe-inline' data: *.facebook.com *.google-analytics.com *.siteimproveanalytics.io *.google.com t.co *.doubleclick.net *.fca.org.uk *.google.ie; frame-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.doubleclick.net insight.adsrvr.org *.fca.org.uk; frame-ancestors 'self'; child-src 'self' 'unsafe-inline' *.buto.tv *.videomarketingplatform.co *.view-it.co.uk *.fcaconnect.force.com prezi.com wearebigrock.com *.fca.org.uk player.vimeo.com www.thinglink.com *.google.com *.fca.org.uk; font-src 'self'; connect-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 2
script-src 'self' lihkg.com 'unsafe-inline' adv.lih.kg cdn.lihkg.com *.cloudflare.com static.cloudflareinsights.com *.googlesyndication.com *.googletagservices.com www.google-analytics.com *.google.com *.doubleclick.net *.googleadservices.com *.ampproject.org *.gstatic.com www.youtube.com s.ytimg.com connect.facebook.net; frame-src 'self' lihkg.com pb.lihkg.com game.lihkg.com embed.lih.kg *.doubleclick.net *.googlesyndication.com *.google.com www.youtube.com *.facebook.com w.soundcloud.com; connect-src 'self' lihkg.com i.lih.kg adv.lih.kg cdn.lihkg.com api.na.cx img.eservice-hk.net www.google-analytics.com *.doubleclick.net *.googlesyndication.com adservice.google.com cdn.ampproject.org *.gstatic.com *.googleapis.com *.cloudflare.com; worker-src 'self' lihkg.com blob:; report-uri https://report.lih.kg/csp?v=7 2
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/private/csp-report 2
script-src 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://b3ceba9babf02086c0dca962bbbd1cda.report-uri.io/r/default/csp/reportOnly 2
report-uri https://csp.rz.uni-kiel.de/report; report-to csp; 2
default-src 'self'; script-src 'self' www.googletagmanager.com static.hotjar.com script.hotjar.com www.google-analytics.com cdn.jsdelivr.net/npm/vue cdnjs.cloudflare.com/ajax/libs/select2 api3.libcal.com/js 'sha256-8c+PEXDYpnF2n7Jv8vx0beSqRgcOA/XgmPzseHI+FpQ=' 'sha256-P0fnbsmkhdk34CMqQ1NzmPA5Rs7g65ljookuUilxdGs='; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: www.google-analytics.com; frame-src vars.hotjar.com; child-src vars.hotjar.com; font-src 'self' fonts.gstatic.com assets.transparently.com; connect-src 'self' www.google-analytics.com vc.hotjar.io endeca.ohsu.edu; report-uri /report-csp-violation 2
frame-ancestors 'none'; report-uri /csp_logger/; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 2
default-src 'self';connect-src 'self' https://maps.googleapis.com https://cex.io wss://ws.cex.io/ws;frame-src 'self' * ext.cex.io;font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://static.cex.io;img-src 'self' data: https://static.cex.io;media-src 'self' https://static.cex.io;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://code.jquery.com https://static.cex.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cex.io;report-uri https://cex.io/cspr; 2
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.baidu.com http://*.baidu.com https://*.baidustatic.com http://*.baidustatic.com https://*.hao123.com http://*.hao123.com https://*.bdstatic.com http://*.bdstatic.com https://*.hao123img.com http://*.hao123img.com https://*.hao222.com http://*.hao222.com https://*.baidu.cn http://*.baidu.cn https://*.shifen.com http://*.shifen.com https://*.bdimg.com http://*.bdimg.com https://*.bcebos.com http://*.bcebos.com https://dwz.cn http://dwz.cn; img-src * data:; media-src * data:; report-uri /hao123_api/csp/report 2
default-src 'none'; block-all-mixed-content; script-src *.fareharbor.com fareharbor.com content.fareharbor.me *.cloudfront.net *.stripe.com *.adyen.com *.mxpnl.com cdn.mxpnl.com *.filestackapi.com *.pusher.com *.optimizely.com cdn.optimizely.com *.google.com *.googleapis.com *.google-analytics.com https://www.google-analytics.com *.adroll.com *.adroll.mgr.consensu.org *.facebook.net *.facebook.com *.cloudflare.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.gstatic.com 'unsafe-eval' 'unsafe-inline'; img-src * data: image/svg+xml image/png; style-src *.fareharbor.com fareharbor.com content.fareharbor.me *.cloudfront.net *.googleapis.com 'unsafe-inline'; connect-src https: wss:; form-action 'self' https:; base-uri 'self'; font-src fh-sites.imgix.net data: 'self'; frame-src *.stripe.com *.adyen.com *.filestackapi.com *.googletagmanager.com *.hotjar.com www.google.com airtable.com player.vimeo.com facebook.com fareharbor.com; object-src 'none'; report-uri /csp-report/ 2
block-all-mixed-content; report-uri https://67j9vz1kye.execute-api.ap-northeast-1.amazonaws.com/csp/csp 2
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 2
default-src 'self' * 'unsafe-inline'; img-src 'self' data: *; 2
default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 2
default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 2
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; block-all-mixed-content 2
default-src https: 'unsafe-inline' 'unsafe-eval' data:;report-uri /error/cspreport 2
default-src *; frame-src 'self'; style-src data: 'unsafe-inline' https:; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; script-src 'self' 'unsafe-eval' *.adnxs.com *.google.com *.google.co.uk *.google.cl *.linkedin.com *.adsafeprotected.com geo.moatads.com s.yimg.com s0.2mdn.net www.gstatic.com *.ampproject.org *.doubleclick.net *.googleapis.com *.scorecardresearch.com *.google-analytics.com; report-uri https://c55e807d3b799601c2faf42021c039e9.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' ; font-src 'self' data: https://static.smartframe.io https://fonts.gstatic.com https://js.arcgis.com ; img-src 'self' data: blob: https://www.google-analytics.com http://www.googletagmanager.com  https://static.smartframe.io https://thumbs.smartframe.io https://thumbs-cdn.smartframe.io https://syndication.twitter.com  https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://js.arcgis.com  https://services.arcgisonline.com https://server.arcgisonline.com https://utility.arcgis.com https://historicengland.org.uk http://stage.historic-england.org https://img.youtube.com https://i.ytimg.com ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://js.arcgis.com ; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://static.smartframe.io https://rum-static.pingdom.net https://www.googletagmanager.com  https://www.google-analytics.com https://platform.twitter.com https://cdn.syndication.twimg.com http://connect.facebook.net http://www.instagram.com https://js.arcgis.com https://az416426.vo.msecnd.net https://www.youtube.com https://e.infogram.com https://s.ytimg.com; frame-src 'self' http://www.youtube.com https://englishheritage.maps.arcgis.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://web.facebook.com https://sketchfab.com https://www.instagram.com https://www.google.co.uk https://w.soundcloud.com https://heritage.candle.digital https://app.powerbi.com https://e.infogram.com https://www.google.com ; connect-src 'self'  http://rum-collector-2.pingdom.net *.smartframe.io https://www.google-analytics.com https://utility.arcgis.com https://services.arcgisonline.com https://static.arcgis.com https://datahub.esriuk.com https://dc.services.visualstudio.com/v2/track https://stats.g.doubleclick.net ; 2
default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 2
frame-ancestors 'self'; report-uri https://accounts.humanity.com/reportcsp.php 2
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src rs.fullstory.com/rec/bundle https:; font-src 'self' https: data:; img-src 'self' *.csagroup.org *.wpengine.com p.typekit.net stats.g.doubleclick.net www.google.ca/ads www.google.com/ads www.google-analytics.com https: data:; object-src 'none'; upgrade-insecure-requests; report-uri https://csagroup.report-uri.com/r/d/csp/reportOnly; 2
img-src https:; report-uri https://dmzls-dub-mc.safe-installation.com/casino 2
font-src staticw2.yotpo.com fonts.gstatic.com demo.klevu.com js.klevu.com *.amazonaws.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com vars.hotjar.com checkoutshopper-test.adyen.com checkoutshopper.adyen.com demo.mention-me.com mention-me.com *.bglobale.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.fitanalytics.com checkoutshopper-test.adyen.com checkoutshopper.adyen.com data: p.yotpo.com cdn-yotpo-images-production.yotpo.com f.monetate.net online.adservicemedia.dk px.ads.linkedin.com www.google.* googleads.g.doubleclick.net www.facebook.com demo.klevu.com js.klevu.com *.bglobale.com *.global-e.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com js.braintreegateway.com bs.serving-sys.com cdn-akamai.mookie1.com secure.adnxs.com cdn.themessagecloud.com cdn.avmws.com s.go-mpulse.net js-agent.newrelic.com staticw2.yotpo.com se.monetate.net f.monetate.net cdn.scarabresearch.com static.scarabresearch.com www.googletagmanager.com connect.facebook.net www.google.com www.gstatic.com snap.licdn.com *.cloudfront.com *.cloudfront.net analytics.webgains.io online.adservicemedia.dk googleads.g.doubleclick.net polyfill.spinnaker-js.com *.fitanalytics.com checkoutshopper-test.adyen.com checkoutshopper.adyen.com tag-demo.mention-me.com static-demo.mention-me.com *.bglobale.com static.hotjar.com script.hotjar.com js.klevu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com staticw2.yotpo.com fonts.googleapis.com js.klevu.com *.bglobale.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com staticw2.yotpo.com api.yotpo.com ws.sessioncam.com www.google-analytics.com stats.g.doubleclick.net webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com recommender.scarabresearch.com apil1.spinnaker-js.com *.fitanalytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; media-src blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri  /csp-report 2
connect-src * data:; font-src * data: chrome-extension:; frame-src 'self' * callto: chrome-error: data: endlessipc: gsa: nsb: mailto: sms: tel: whatsapp:; img-src * data: blob: 'unsafe-inline'; manifest-src 'self'; media-src 'self' https://img.jobs.ch data:; object-src 'self' https://img.jobs.ch data:; prefetch-src 'self'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; worker-src 'self'; base-uri 'self' https://img.jobs.ch https://www.jobup.ch resource:; form-action 'self' https://www.jobcloud.ch https://www.facebook.com https://connect.facebook.net; navigate-to *; report-to unity-xp; report-uri https://o76802.ingest.sentry.io/api/166054/security/?sentry_key=0a006695b9724da380146d45dc995cde 2
worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com rec.smartlook.com; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net use.typekit.net; form-action 'self' https://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com youtube.com https://*.twitter.com *.twitter.com; img-src 'self' https://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net *.doubleclick.net https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com blob: data:; media-src https://youtube.com youtube.com; object-src 'none'; script-src 'self' https://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com https://platform.twitter.com platform.twitter.com https://rec.smartlook.com rec.smartlook.com https://*.twimg.com *.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net *.typekit.net https://*.googleapis.com *.googleapis.com https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com 'unsafe-inline'; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://sourcingjournal.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
default-src self https: data: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; report-uri https://fa920c4c3c2352efe32641b67b2f3fbe.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' www.youtube.com *.stripe.com *.addthis.com; script-src 'self' assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' www.google-analytics.com *.stripe.com https://apis.google.com/ 'unsafe-eval' maps.googleapis.com *.newrelic.com *.nr-data.net *.crisp.chat *.crisp.im https://www.youtube.com/iframe_api *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com; script-src-elem assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' www.google-analytics.com *.stripe.com https://apis.google.com/ 'unsafe-eval' maps.googleapis.com *.newrelic.com *.nr-data.net *.crisp.chat *.crisp.im https://www.youtube.com/iframe_api *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com play.vidyard.com *.lr-ingest.io; worker-src blob: 'self'; font-src 'self' data: assets.sutori.com https://client.crisp.chat; connect-src 'self' https://www.googleapis.com wss://www.sutori.com assets.sutori.com s3.amazonaws.com/assets.sutori.com www.google-analytics.com *.stripe.com api.amplitude.com *.nr-data.net wss://*.crisp.chat https://*.crisp.chat *.addthis.com https://syndication.twitter.com/settings https://*.wikipedia.org geo.query.yahoo.com *.flickr.com owcqxq3rnb.execute-api.us-east-1.amazonaws.com api.unsplash.com risk.clearbit.com *.lr-ingest.io; img-src 'self' data: * maps.googleapis.com https://maps.gstatic.com/mapfiles/api-3/images/ https://csi.gstatic.com/ https://i.ytimg.com *.addthis.com *.pinterest.com *.iubenda.com; style-src 'self' assets.sutori.com platform.twitter.com 'unsafe-inline' https://client.crisp.chat *.iubenda.com cdn.thinglink.me https://ton.twimg.com cdn.headwayapp.co; media-src 'self' assets.sutori.com https://client.crisp.chat; child-src 'self' * https://www.sutori.com *.stripe.com https://accounts.google.com/o/oauth2/postmessageRelay https://accounts.google.com/o/oauth2/iframe https://www.google.com/ https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ *.addthis.com *.pinterest.com; manifest-src assets.sutori.com; 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://pmc.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2
report-uri https://csp.edipresse.pl/report/party; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 2
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; frame-ancestors *.calypso.net.au *.flightcentre.com.au; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' rs.fullstory.com assets.adobedtm.com app.five9.com bat.bing.com www.youtube.com ocsp.digicert.com stats.g.doubleclick.net insight.adsrvr.org match.adsrvr.org www.google-analytics.com connect.facebook.net www.google.com googleads.g.doubleclick.net pixel.advertising.com ib.adnxs.com www.facebook.com ups.analytics.yahoo.com secure.adnxs.com cdnjs.cloudflare.com d2xqear68cidjx.cloudfront.net fonts.gstatic.com s3.amazonaws.com cdn.acsbapp.com acsbapp.com *.bazaarvoice.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' d2xqear68cidjx.cloudfront.net assets.adobedtm.com www.googleoptimize.com ssl.google-analytics.com s3.amazonaws.com storage.googleapis.com ajax.googleapis.com *.fullstory.com fullstory.com www.google-analytics.com app.five9.com www.google.com d16bpg3kvlhleg.cloudfront.net www.gstatic.com www.youtube.com  www.googleadservices.com acsbap.com connect.facebook.net s.ytimg.com acsbapp.com googleads.g.doubleclick.net www.googletagmanager.com bat.bing.com *.bazaarvoice.com cdnjs.cloudflare.com maps.googleapis.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com ajax.googleapis.com d2xqear68cidjx.cloudfront.net s3.amazonaws.com app.five9.com *.bazaarvoice.com code.jquery.com hello.myfonts.net fonts.googleapis.com; img-src 'self' s3.amazonaws.com d2xqear68cidjx.cloudfront.net app.five9.com ajax.googleapis.com bat.bing.com www.google-analytics.com www.google.com www.facebook.com d16bpg3kvlhleg.cloudfront.net d2x98ik0iax27c.cloudfront.net dLydvko3ow4tc.cloudfront.net *.bazaarvoice.com maps.googleapis.com maps.gstatic.com d2by1k0z80L28p.cloudfront.net data: blob www.googletagmanager.com; font-src 'self' s3.amazonaws.com fonts.gstatic.com d2xqear68cidjx.cloudfront.net cdnjs.cloudflare.com i.icomoon.io data: blob; 2
default-src 'self' s16-hypstarcdn-com.akamaized.net 'unsafe-inline' *.byteoversea.com *.hypstarcdn.com blob: data:;script-src 'self' s16-hypstarcdn-com.akamaized.net 'unsafe-inline' 'unsafe-eval' *.byteoversea.com *.hypstarcdn.com blob: data:;img-src * data:;media-src *;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=vigo_web 2
: default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2
default-src 'self'  https://www.google.com/ https://www.google-analytics.com/  https://cm.everesttech.net/ https://s3.amazonaws.com/; connect-src 'self' https://c.go-mpulse.net/ https://captcha.gecirtnotification.com/ https://www.google-analytics.com/ https://*.clicktale.net https://api.addsearch.com/ https://ds-aksb-a.akamaihd.net/RRT https://api.company-target.com/ https://rs.fullstory.com/ https://secure-ds.serving-sys.com/ https://vendorlist.consensu.org/vendorlist.json https://gepowerandwater.tt.omtrdc.net/ https://gepowerandwater.d2.sc.omtrdc.net/ https://dpm.demdex.net/ https://232-dkg-508.mktoresp.com/; font-src 'self' data:; frame-src https://app-abm.marketo.com/ https://www.linkedin.com/ https://captcha.gecirtnotification.com/ https://content.gepower.com/ https://www.slideshare.net/ https://anchor.fm/ https://tribl.io/ https://citia.com/ https://www.thinglink.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://gepowerwater.demdex.net/ https://app-ab10.marketo.com/ https://bid.g.doubleclick.net/ https://www.facebook.com/ https://fssfedpitc.ge.com/    https://www.google.com https://www.youtube.com; img-src  'self' data: https://www.google.com.sg/ https://cdn.thinglink.me/ https://captcha.gecirtnotification.com/ https://gepoweradnwater.d2.sc.omtrdc.net/ https://www.gepower.com/ https://www.googletagmanager.com/ https://clients1.google.com/ https://www.googleapis.com/ https://app-abm.marketo.com/ https://*.clicktale.net https://match.prod.bidr.io/ https://i.ytimg.com/ https://app-ab10.marketo.com/ https://segments.company-target.com/ https://www.genewsroom.com/ https://cm.everesttech.net/ https://ds-aksb-a.akamaihd.net/ https://c.evidon.com/ https://dpm.demdex.net/ https://syndication.twitter.com/  https://platform.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://img.youtube.com/ https://www.google.co.in/ https://www.google-analytics.com/ https://px.ads.linkedin.com/ https://stats.g.doubleclick.net/ https://gepowerandwater.d2.sc.omtrdc.net/ https://p.adsymptotic.com/ https://c.evidon.com/pub/icong1.png https://www.google.com/ https://p.adsymptotic.com/ https://l.betrad.com/ https://www.facebook.com/  https://www.google.co.in/ https://www.ge.com/   https://tribl.io/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://tracking.skyword.com/ https://tracking.skyword.com/ https://www.gstatic.com/ https://www.thinglink.com/ https://api.company-target.com/ https://gateway.zscalertwo.net/ https://share.yandex.ru/ https://opensharecount.com/ https://cdn.thinglink.me/ https://code.jquery.com/  https://graph.facebook.com/  https://upgrademyengine.gepower.com/p/modal.js https://captcha.gecirtnotification.com/ https://www.linkedin.com/ https://s.go-mpulse.net/ http://tracking.skyword.com/ https://s.ytimg.com/ https://iabmap.evidon.com/ https://fullstory.com/ https://www.googleadservices.com/ https://cse.google.com/ https://www.google.com/ https://bs.serving-sys.com/ https://scripts.demandbase.com/ https://app-ab10.marketo.com/ https://www.google.com/ https://cse.google.com/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://cdnssl.clicktale.net/ https://secure-ds.serving-sys.com/ https://app-sjg.marketo.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://app-abm.marketo.com/ https://app-abm.marketo.com/ https://tribl.io/ https://cdn.syndication.twimg.com/ https://munchkin.marketo.net/ https://platform.twitter.com/ https://assets.adobedtm.com/ https://www.youtube.com/ https://assets.adobedtm.com/ https://iabmap.evidon.com/ https://evidon.mgr.consensu.org/iab/getcookie https://munchkin.marketo.net/157/munchkin.js https://www.google-analytics.com/ https://app-abm.marketo.com/ https://www.googleadservices.com/pagead/conversion_async.js   https://connect.facebook.net/ https://c.evidon.com/ https://www.googletagmanager.com/gtag/ https://assets.adobedtm.com/bc9497247b8f/38f2d572529a/591c6385ea20/RC6dd8c3871a654d11b5f975f0da26fef7-source.min.js https://www.googletagmanager.com/gtag/ https://googleads.g.doubleclick.net/ https://sjs.bizographics.com/insight.min.js https://www.ge.com/  https://*.clicktale.net https://*.demandbase.com/;style-src 'self' 'unsafe-inline' https://cdn.thinglink.me/ https://scripts.demandbase.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/  https://app-abm.marketo.com/ https://www.google.com/ https://tribl.io/ https://app-ab10.marketo.com/ https://platform.twitter.com/ https://ton.twimg.com/ ;frame-ancestors 'self'; base-uri 'self'; 2
report-uri https://o269987.ingest.sentry.io/api/1479527/security/?sentry_key=07c1468f690340efa6f22f9adb9cbca6&sentry_environment=prod&sentry_release=web-2827;default-src https: data: blob: wss: bankid: chrome-extension:;script-src https: data: blob: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-inline';frame-src https: data: ms-appx-web: mailto: tel: 2
default-src https: data: 'unsafe-inline' 'unsafe-eval';report-uri /wsapi/rest/v1/logging/reportcspviolation; 2
default-src 'none'; connect-src 'self' www.google.com https://cdncache-a.akamaihd.net wss wss://generatorhostels.com ws1.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com graylog.hotjar.com cdnjs.cloudflare.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com insights.hotjar.com generatorweb.sihot.com; font-src data null generatorweb.sihot.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self'; manifest-src 'self' generatorhostels.com; object-src 'self' generatorhostels.com; frame-src 'self' service.securesrv12.com secure.liveshoppersmac.com 3dsecure.klikbca.com geschuetzteinkaufen.commerzbank.de acs.sia.eu vcas1.visa.com www.securesuite.net acs1.edb.com secure5.arcot.com aacsw.3ds.verifiedbyvisa.com tpc.googlesyndication.com sas.redsys.es cdncache-a.akamaihd.net mastercardsecurecode.secureacs.com acs1.swedbank.se analytics-google.net https://acs2-3dsecure.cic.fr https://braip.com.br www.securesuite.co.uk secure.edb.com tsys.arcot.com secure7.arcot.com www.googletagmanager.com mozbar.moz.com www.facebook.com acs.airplus.com connect.facebook.net saferpay.com www.saferpay.com generatorweb.sihot.com generatorhostels.com bid.g.doubleclick.net staticxx.facebook.com vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com; img-src googleads.g.doubleclick.net butstrap.space https://spedcheck.space www.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe lh3.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw https://gateway.zscalertwo.net www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar https://gallery.mailchimp.com www.google.ch www.google.me www.google.com.ec www.google.ro www.google.kg www.google.nl www.google.com.mx https://canvaspl-a.akamaihd.net https://cdnstats-a.akamaihd.net www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.dk www.google.co.in www.google.hr www.gstatic.com generatorweb.sihot.com generatorstorage.blob.core.windows.net generatorhostels.com cbks0.googleapis.com csi.gstatic.com data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com img.youtube.com khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com 'self' generator.azureedge.net ssl.google-analytics.com stats.g.doubleclick.net web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com ajax.googleapis.com; media-src 'self' data:; script-src 'self' data blob about asset tpc.googlesyndication.com cdnjs.cloudflare.com cdn.jsdelivr.net www.thehotelsnetwork.com cdn.scarabresearch.com fdz.octapi.net data1.iti-maps.fr data1.itineraire.info asset about spedcheck.space rules.similardeals.net tags.clickintext.net lb.apicit.net butstrap.space https://cdncache-a.akamaihd.net secure.liveshoppersmac.com generatorweb.sihot.com maxcdn.bootstrapcdn.com ajax.googleapis.com api.instagram.com connect.facebook.net eval: googleads.g.doubleclick.net inline: maps.googleapis.com platform.instagram.com s.ytimg.com script.hotjar.com 'self' ssl.google-analytics.com static.hotjar.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.youtube.com; style-src ajax.googleapis.com fonts.googleapis.com inline: 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com generatorweb.sihot.com; report-uri https://crafted.report-uri.com/r/d/csp/reportOnly 2
default-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com; font-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com data: fonts.gstatic.com; script-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net *.olark.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.google.com *.googleadservices.com googleads.g.doubleclick.net; style-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com fonts.googleapis.com; img-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com 'unsafe-inline' data: secure.gravatar.com *.getclicky.com t.co *.facebook.com *.olark.com *.google-analytics.com *.gstatic.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.olark.com; connect-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.datadoghq.com *.getclicky.com *.facebook.com *.olark.com *.google-analytics.com *.g.doubleclick.net; frame-src 'self' artists.ultramusicfestival.com assets.ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net *.resistancemusic.com *.roadtoultra.com *.apple.com open.spotify.com *.soundcloud.com www.youtube.com www.facebook.com *.olark.com www.google.com bid.g.doubleclick.net; report-uri https://ynw5pjpc.uriports.com/reports/report; 2
block-all-mixed-content; frame-ancestors 'none'; report-uri https://vault.gostatera.com/collect/csp; 2
default-src blob: data: https:; script-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://www.hsn.com/mixed-content-collector; 2
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  *.cloudmaestro.com ak.sail-horizon.com www.snipesusa.com *.loginradius.com cdn.yottaa.com *.queue-it.net cdn.nextopia.net static.zdassets.com static.criteo.net platform.radius8.com www.googlecommerce.com www.googletagmanager.com connect.facebook.net static.shopgate.com s3.amazonaws.com tpc.googlesyndication.com staticw2.yotpo.com intljs.rmtag.com config.lrcontent.com www.google.com *.cdn4.forter.com cdn.inspectlet.com www.google-analytics.com tracker.marinsm.com bat.bing.com load.sumome.com snipeskicksusa.usablenet.com www.googleadservices.com ut.ra.linksynergy.com www.gstatic.com widget.us.criteo.com *.cloudfront.net googleads.g.doubleclick.net fast.wistia.com load.sumo.com js-agent.newrelic.com bam.nr-data.net *.facebook.com *.globalsign.com code.jquery.com assets.zendesk.com sslwidget.criteo.com api.bufferapp.com widgets.pinterest.com reddit.com *.reddit.com *.snipesusa.com *.yottaa.net vector.nextopiasoftware.com analytics.nextopia.net kicksusa.ecomm-nav.com; worker-src 'self' blob: *.snipesusa.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.angusrobertson.com.au; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: bam.nr-data.net *.hotjar.com googleads.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.google.com *.gstatic.com *.forter.com *.visualwebsiteoptimizer.com *.cloudfront.net static.scarabresearch.com cdn.scarabresearch.com apis.google.com *.criteo.com static.criteo.net *.newrelic.com connect.facebook.net platform.twitter.com d.impactradius-event.com *.afterpay.com; connect-src 'self' blob: *.hotjar.io *.nr-data.net stats.g.doubleclick.net *.emarsys.net *.scarabresearch.com *.hotjar.com *.salecycle.com  *.forter.com opentag-stats.qubit.com *.visualwebsiteoptimizer.com recommender.scarabresearch.com angusrobertson.4tqiav.net; img-src 'self' data: *.criteo.net *.google-analytics.com *.google.com *.bing.com *.google.com.au *.pinterest.com *.cloudfront.net *.visualwebsiteoptimizer.com *.facebook.com syndication.twitter.com *.secure-afterpay.com.au *.angusrobertson.com.au *.loggly.com; frame-src 'self' *.cloudfront.net *.angusrobertson.com.au *.google.com platform.twitter.com www.facebook.com staticxx.facebook.com www.youtube.com *.criteo.com *.criteo.net *.hotjar.com *.salecycle.com bid.g.doubleclick.net 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 2
default-src https: data: 'unsafe-inline'; report-uri https://3j40yr1pel.execute-api.us-east-1.amazonaws.com/prod/report-only 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://axaxl.com https://eus-prd-f8372a898644-xp2-cd.azurewebsites.net https://cdnjs.cloudflare.com *.company-target.com https://company-target.com https://api.company-target.com *.demandbase.com https://demandbase.com https://tag.demandbase.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.fls.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.co.uk https://doubleclick.net https://bid.g.doubleclick.net https://match.prod.bidr.io *.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://vjs.zencdn.net *.newrelic.com *.nr-data.net https://bam.nr-data.net https://js-agent.newrelic.com *.brightcove.com  *.brightcove.net *.media.brightcove.net *.api.brightcove.net https://secure.brightcove.com https://brightcove.com https://players.brightcove.net https://metrics.brightcove.com f1.media.brightcove.com https://edge.api.brightcove.com https://p.adsymptotic.com *.adsymptotic.com; report-uri https://axaxl.com/cspviolation; report-to https://axaxl.com/cspviolation 2
font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://h.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com data: https://imgs.signifyd.com *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.googletagmanager.com maps.googleapis.com developers.google.com https://t.trackedlink.net https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://imgs.signifyd.com https://cdn.searchspring.net https://api-cache.searchspring.io https://www.google.com https://www.gstatic.com *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://cdn.searchspring.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://imgs.signifyd.com https://beacon.searchspring.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self' *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.shopperapproved.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org *.shopperapproved.com pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.p-n.io *.opmnstr.com *.securedvisit.com *.g.doubleclick.net api.omappapi.com 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob://* data://* 'self'; connect-src 'self' *.akamaihd.net *.alcmpn.com *.annies-publishing.com *.bing.com *.brightcove.com *.brightcove.net *.cj.com *.eccmp.com *.emjcd.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.pingdom.net *.pinterest.com *.shareasale.com *.shopperapproved.com *.typekit.net *.zencdn.net cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net seal-easttexas.bbb.org *.shopperapproved.com pagead2.googlesyndication.com *.alcmpn.com www.googletagservices.com *.p-n.io *.opmnstr.com *.securedvisit.com *.g.doubleclick.net api.omappapi.com; report-uri /ajax/content_policy_violation.php 2
frame-ancestors 'self' frag-einen-anwalt.de *.frag-einen-anwalt.de 123recht.de *.123recht.de wohnungsboerse.net *.wohnungsboerse.net trauer.de *.trauer.de briefeguru.de *.briefeguru.de pflege-durch-angehoerige.de *.pflege-durch-angehoerige.de immobilienscout24.de *.immobilienscout24.de berlin.de *.berlin.de merkur-online.de *.merkur-online.de *.cdn.ampproject.org *.google.de *.google.com; report-uri /include/cspreport.asp 2
default-src https:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; object-src 'none'; img-src 'self' data: https:; font-src data: https:; frame-ancestors 'none'; block-all-mixed-content; report-uri https://lingvist.report-uri.com/r/d/csp/reportOnly 2
font-src d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net fonts.googleapis.com fonts.gstatic.com use.typekit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.janraincapture.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com secure.authorize.net test.authorize.net *.gomoxie.solutions *.janraincapture.com *.braintreegateway.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com stats.g.doubleclick.net d1dwsi2ysdg1so.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com secure.authorize.net test.authorize.net www.youtube.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net rpxnow.com *.rpxnow.com forty11115.pcapredict.com *.gomoxie.solutions *.googleapis.com d29usylhdk1xyu.cloudfront.net d1lqe9temigv1p.cloudfront.net js-agent.newrelic.com js.braintreegateway.com *.google.com *.gstatic.com bam.nr-data.net *.janraincapture.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.gomoxie.solutions d3hmp0045zy3cs.cloudfront.net fonts.googleapis.com p.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.shareacoke.com *.gomoxie.solutions bam.nr-data.net *.braintree-api.com *.paypal.com d29usylhdk1xyu.cloudfront.net d1lqe9temigv1p.cloudfront.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cokestore.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com *.adsymptotic.com adsymptotic.com linkedin.com *.hotjar.com *.hotjar.io *.myfonts.net *.youtube.com *.ytimg.com *.pingdom.net *.cloudflare.com *.btttag.com *.usemessages.com *.hsadspixel.net *.hubapi.com *.google.com *.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.licdn.com *.hsleadflows.net *.googletagmanager.com t.co okta.com ads-twitter.com propane.com srv.stackadapt.com webtype.com *.okta.com oktacdn.com pinimg.com pinterest.com *.vimeo.com *.algolia.net *.googleapis.com *.googleadservices.com *.mapbox.com adnxs.com *.adnxs.com twitter.com *.oktacdn.com *.hs-scripts.com hubspot.com facebook.net google-analytics.com licdn.com btttag.com cloudflare.com hotjar.com hotjar.io myfonts.net facebook.com pingdom.net hs-analytics.net hs-scripts.com hsleadflows.net usemessages.com hsadspixel.net hubapi.com google.com gstatic.com youtube.com ytimg.com googleapis.com googletagmanager.com googleadservices.com fls.doubleclick.net algolia.net g.doubleclick.net vimeo.com mapbox.com *.hs-analytics.net *.hubspot.com ads.linkedin.com pacificpropane.org georgiapropane.org floridapropane.org pgane.org s4mdsp.com hsforms.com *.hsforms.net nmpga.com ilpga.org placeholder.com rmpropane.org maptiler.com nrel.gov *.hsforms.com gravatar.com presage.io bugherd.com hsforms.net paypalobjects.com google.com.pa *.vimeocdn.com *.google.ca vimeocdn.com *.bugherd.com *.gravatar.com cloudfront.net *.cloudfront.net stripe.com nmgplatform.com nmgassets.com *.googlesyndication.com googlesyndication.com google.ca addevent.com *.paypalobjects.com; 2
report-uri /es/Error/ReportCPS; 2
default-src 'self' blob:; child-src: 'self' blob:; script-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net cdn.cookielaw.org assets.adobedtm.com players.brightcove.net img.en25.com vjs.zencdn.net www.automation.siemens.com w3.siemens.com profiles.siemens.com; style-src 'self' 'unsafe-inline' w3.siemens.com tools.adlytics.net profiles.siemens.com; img-src 'self' data: assets.new.siemens.com maps.siemens.com metrics.brightcove.com brightcove04pmdo-a.akamaihd.net cf-images.eu-west-1.prod.boltdns.net cf-images.us-east-1.prod.boltdns.net siemens.sc.omtrdc.net track.adform.net s2033604275.t.eloqua.com cdn.cookielaw.org cookies.siemens.com; font-src 'self' data: tools.adlytics.net; connect-src 'self' search.new.siemens.com w3.siemens.com siemens.sc.omtrdc.net siemens.tt.omtrdc.net *.demdex.net tools.adlytics.net cdn.cookielaw.org dmp.adform.net metrics.brightcove.com edge.api.brightcove.com secure.brightcove.com *.media.brightcove.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.fortbildung.siemens.com profiles.siemens.com searchapi.new.siemens.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; media-src 'self' assets.new.siemens.com secure.brightcove.com *.media.brightcove.com blob: manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com; worker-src 'self' 'unsafe-inline' blob:; object-src players.brightcove.net; block-all-mixed-content; reflected-xss block; base-uri 'self'; referrer origin-when-cross-origin; report-uri https://report-uri.dc.siemens-energy.com/ 2
default-src 'self'; script-src 'self' data: 'unsafe-inline' https://*; style-src 'self' 'unsafe-inline' https://*; img-src * 'self' https://*; font-src * 'self' https://*; connect-src https://*; frame-src https://* 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 2
default-src 'self'; img-src *.vggcdn.net *.viagogo.net *.doubleclick.net www.google.com www.google-analytics.com www.facebook.com img.riskified.com 'self' data:; style-src *.vggcdn.net 'unsafe-inline' 'self'; font-src *.vggcdn.net cdn.viagogo.net https://fonts.gstatic.com data:; frame-src www.recaptcha.net www.google.com *.doubleclick.net; connect-src 'self' *.vggcdn.net *.viagogo.net www.google-analytics.com *.riskified.com *.forter.com *.doubleclick.net; report-uri https://wt.viagogo.net/cspr; script-src 'self' 'unsafe-inline' 'unsafe-eval' ws.vggcdn.net www.google-analytics.com www.googleadservices.com www.googletagmanager.com connect.facebook.net *.doubleclick.net *.riskified.com *.forter.com ;  2
img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2
font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.sirv.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.sirv.com player.vimeo.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sirv.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sirv.com vimeo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.tarifcheck-partnerprogramm.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 2
frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report 2
default-src 'self' blob: https://forms.hubspot.com https://bid.g.doubleclick.net/ https://api.segment.io https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://www.google-analytics.com https://stats.g.doubleclick.net https://api-iam.intercom.io https://www.facebook.com wss://nexus-websocket-a.intercom.io https://js.intercomcdn.com https://hooks.zapier.com https://www.youtube.com; child-src 'self' blob:; connect-src https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://api.segment.io https://api-iam.intercom.io https://forms.hubspot.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://cdn.hevodata.com https://forms.hsforms.com https://res.cloudinary.com https://www.google.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://p.adsymptotic.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://dashboard.whoisvisiting.com https://stats.sa-as.com https://track.hubspot.com https://t.co https://www.google.co.in https://www.linkedin.com https://www.googletagmanager.com https://px.ads.linkedin.com https://www.google.com https://static.intercomassets.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://browser.sentry-cdn.com https://cdn.hevodata.com https://www.google.com https://widget.intercom.io https://cdn.segment.com https://js.hs-banner.com https://js.hs-scripts.com https://www.googletagmanager.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://js.hscollectedforms.net https://cdnjs.cloudflare.com https://app.whoisvisiting.com https://dev.visualwebsiteoptimizer.com https://rec.smartlook.com https://js.hs-analytics.net https://stats.sa-as.com https://www.google-analytics.com https://js.intercomcdn.com https://googleads.g.doubleclick.net https://www.google.co.in https://www.googleadservices.com https://analytics.twitter.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; worker-src blob:; report-uri https://hevodata.uriports.com/reports/report; report-to default 2
frame-ancestors 'self'; report-uri https://report.csp.api.brightspace.com/report; 2
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'unsafe-eval' 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src self blob: 2
report-uri /_/csp-reports 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com *.dynatrace.com *.abtasty.com ajax.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com stats.g.doubleclick.net www.enterice.com www.google-analytics.com www.gstatic.com; connect-src 'self' *.dynatrace.com *.abtasty.com *.optimizely.com www.enterice.com stats.g.doubleclick.net www.google-analytics.com; img-src 'self' *.abtasty.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com stats.g.doubleclick.net www.google.com secure.comodo.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com; font-src 'self' fonts.gstatic.com; frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.homepointfinanical.com https://cdnjs.cloudflare.com https://*.mortgageloan.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://stats.g.doubleclick.net https://www.gravatar.com https://*.umbraco.org https://pixel-a.basis.net https://pixel.sitescout.com https://snazzymaps.com https://*.podium.com; report-uri https://hpfc.report-uri.com/r/d/csp/reportOnly 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.abstractscorecard.com www.googletagmanager.com www.mycadmium.com; style-src-elem 'unsafe-eval' 'unsafe-inline' www.abstractscorecard.com www.mycadmium.com; report-uri /csp-violation-report-endpoint/ 2
block-all-mixed-content 2
default-src 'unsafe-inline' 'unsafe-eval' data: https:; 2
default-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.disqus.com *.disquscdn.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.pinterest.com *.youtube.com disqus.com s.ytimg.com stephband.info https://thirdhour.org; connect-src https:; font-src data: https:; form-action https:; frame-src https:; child-src https:; img-src data: https:; manifest-src https:; media-src https:; object-src https:; upgrade-insecure-requests 2
font-src https://*.gstatic.com https://*.hotjar.com https://*.cloudfront.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://*.doubleclick.net https://www.google.com https://*.hotjar.com https://*.livechatinc.com https://*.reviews.co.uk 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://*.doubleclick.net https://www.google.com https://www.google.co.uk https://*.cloudfront.net https://*.facebook.com https://*.yotpo.com data: https://*.heritagepartscenter.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com polyfill.io https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://*.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://*.nr-data.net https://*.newrelic.net https://*.newrelic.com https://*.livechatinc.com https://*.facebook.net https://*.webgains.io https://*.chimpstatic.com https://*.yotpo.com https://*.reviews.co.uk https://*.trackedlink.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://*.googleapis.com https://*.yotpo.com https://*.cloudfront.net https://*.reviews.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://*.livechatinc.com https://*.heritagepartscenter.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net https://*.reviews.co.uk 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src *.cloud.mail.ru *.clob.mail.ru *.cloud.mail.ru *.datacloudmail.ru *.cldmail.ru *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net *.gemius.pl *.weborama.fr *.adriver.ru *.serving-sys.com featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com  *.yandex.ru; script-src 'unsafe-inline' 'unsafe-eval' *.cloud.mail.ru *.datacloudmail.ru *.cldmail.ru *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net *.yandex.ru *.odnoklassniki.ru odnoklassniki.ru *.ok.ru ok.ru *.scorecardresearch.com www.google-analytics.com www.googletagmanager.com featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com yastatic.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org; img-src data: *; style-src 'unsafe-inline' *.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com cdn.consentmanager.mgr.consensu.org; font-src data: cloud.mail.ru *.imgsmail.ru *.files.attachmail.ru *.mradx.net featherservices.aviary.com d42hh4005hpu.cloudfront.net dme0ih8comzn4.cloudfront.net feather-client-files-aviary-prod-us-east-1.s3.amazonaws.com; frame-src *.mail.ru *.datacloudmail.ru *.cldmail.ru docs.mail.ru *.officeapps.live.com *.mradx.net yastatic.net; object-src data: blob: https://*; report-uri https://cspreport.mail.ru/cloud/; worker-src blob: *.mail.ru; connect-src https://*.mail.ru https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://ok.ru https://*.yandex.ru; 2
default-src 'none'; script-src 'self' 'unsafe-inline' https://heinlein-support.de/piwik/; style-src 'self' 'unsafe-inline'; img-src 'self' data: 'unsafe-inline' https://heinlein-support.de/upload/ http://www.heinlein-support.de/; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com/; font-src 'self'; connect-src 'self'; object-src 'self'; form-action 'self'; base-uri 'none' 2
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com http://www.google.com https://www.google.com http://fonts.googleapis.com https://www.googletagmanager.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com/ https://player.vimeo.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://fonts.googleapis.com http://fonts.googleapis.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://us1.siteimprove.com/ https://us1.siteimprove.com/ http://siteimproveanalytics.com https://siteimproveanalytics.com http://www.googleadservices.com https://www.googleadservices.com http://connect.facebook.net https://connect.facebook.net http://platform.twitter.com https://platform.twitter.com http://static.ads-twitter.com https://static.ads-twitter.com http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://analytics.twitter.com https://analytics.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://cloud.typography.com/ https://cloud.typography.com/ http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://www.robinskaplan.com/; media-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com http://player.vimeo.com https://player.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' data: http://cloud.typography.com https://cloud.typography.com https://www.robinskaplan.com; frame-src 'self' http://player.vimeo.com https://player.vimeo.com http://www.youtube.com https://www.youtube.com http://www.vimeo.com https://www.vimeo.com https://www.google.com http://analytics.clickdimensions.com https://analytics.clickdimensions.com http://bid.g.doubleclick.net/ https://bid.g.doubleclick.net/; 2
default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 2
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.trustpilot.com player.vimeo.com youtube.com *.creativecdn.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com s.ytimg.com *.bing.com *.crobox.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.youtube.com video.google.com *.googletagmanager.com *.google.com *.gstatic.com *.google-analytics.com *.trackedlink.net *.cookiebot.com *.blueconic.net *.visualwebsiteoptimizer.com *.trustpilot.com *.windows.net *.sooqr.com *.msecnd.net *.usabilla.com *.newrelic.com *.pinterest.com *.hotjar.com *.pinimg.com *.facebook.net *.creative-serving.com *.creativecdn.com *.crobox.io *.robinhq.com *.bing.com *.go-mpulse.net *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com static.sooqr.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eluscious.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data 2
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 2
default-src 'self' https: blob:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob: http:; connect-src 'self' https: api.ecobnb.net hits-i.iubenda.com cdnjs.cloudflare.com ajax.googleapis.com code.jquery.com insights.hotjar.com links.services.disqus.com *.hotjar.com *.optimizely.com wss://*.hotjar.com wss://*.ecobnb.com wss://ecobnb.it wss://ecobnb.fr wss://ecobnb.de; font-src 'self' https: fonts.gstatic.com sb.ecobnb.net sxt.cdn.skype.com maxcdn.bootstrapcdn.com data:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https: blob:; style-src 'self' https: 'unsafe-inline' http:; child-src *; frame-src *; report-uri https://2zkpbvapeqvwwp13110qnocb.httpschecker.net/report; 2
font-src fonts.gstatic.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com widget.cloudinary.com *.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com res.cloudinary.com *.facebook.com *.google.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com widget.cloudinary.com https://r1-t.trackedlink.net/ *.braintreegateway.com *.braintree-api.com *.google.com *.googletagmanager.com *.hotjar.com *.gstatic.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 2
default-src 'unsafe-inline' 'unsafe-eval' * 'self' data: blob:; report-uri /r/violation 2
img-src 'self' data: https://www.travelcar.com https://*.basemaps.cartocdn.com https://*.twimg.com https://*.twitter.com https://www.google-analytics.com https://www.google.com https://www.google.fr;script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' data: https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://*.bootstrapcdn.com https://cdn.jsdelivr.net https://*.facebook.net https://*.twitter.com https://*.twimg.com https://widget.trustpilot.com https://www.googleadservices.com https://www.google-analytics.com https://mastertag.effiliation.com https://googleads.g.doubleclick.net; style-src 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://platform.twitter.com https://*.twimg.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; connect-src 'self' https://s3-eu-west-1.amazonaws.com https://www.google-analytics.com; frame-src 'self' https://*.twitter.com https://*.facebook.com https://widget.trustpilot.com; report-uri /api/csp-violation 2
default-src 'self' https://themes.googleusercontent.com/; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' https://rivm.nl/ https://*.rivm.nl/; report-uri /report-csp-violation 2
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.marcelle.com *.cloudmaestro.com widget-mediator.zopim.com *.cloudflare.com acuityplatform.com *.google.com chimpstatic.com www.googletagmanager.com *.google-analytics.com analytics.twitter.com *.facebook.net *.hotjar.com static.zdassets.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.zendesk.com *.criteo.net www.youtube.com s.ytimg.com *.criteo.com ajax.googleapis.com api.instagram.com app.purechat.com widget.surveymonkey.com secure-cdn.mplxtms.com snap.licdn.com *.annabelle.com www.lisewatier.com www.lisewatier.us www.salesgroupemarcelle.com www.googleadservices.com secure.adnxs.com ib.adnxs.com platform.twitter.com s.pinimg.com googleads.g.doubleclick.net static.ads-twitter.com *.queue-it.net marcelle.us5.list-manage.com 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.criteo.com https://*.dynamicyield.com https://*.g.doubleclick.net https://*.hotjar.com https://*.salesforceliveagent.com https://*.taboola.com https://ajax.googleapis.com https://amplify.outbrain.com https://api.tiles.mapbox.com/mapbox-gl-js/v0.40.0/mapbox-gl.js https://app-ab06.marketo.com https://bat.bing.com/bat.js https://cdn.heapanalytics.com/js/ https://cdn.walkme.com https://cdnjs.cloudflare.com https://connect.facebook.net https://dsms0mj1bbhn4.cloudfront.net/assets/pub/shareaholic.js https://extend.vimeocdn.com https://flex.atdmt.com https://freecurrencyrates.com https://graph.facebook.com https://intljs.rmtag.com https://k4z6w9b5.stackpathcdn.com https://media.gadventures.com/ghql/ https://munchkin.marketo.net https://npmcdn.com/@turf/turf@4.6.1/turf.min.js https://rules.quantcount.com https://s.pinimg.com https://s.ytimg.com https://s3.amazonaws.com/gadventures/ https://secure.quantserve.com https://service.force.com https://starling.crowdriff.com/js/ https://static.criteo.net https://static.filestackapi.com https://tags.tiqcdn.com/utag/gadventures/ https://tags.tiqcdn.com/utag/tiqapp/ https://tpc.googlesyndication.com https://upload.crowdriff.com/js/ https://use.fontawesome.com https://widget.trustpilot.com https://widgets.pinterest.com https://www.awin1.com https://www.dwin1.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com/iframe_api https://media.gadventures.com/media-server/; style-src 'unsafe-inline' https://api.tiles.mapbox.com/mapbox-gl-js/v0.40.0/mapbox-gl.css https://app-ab06.marketo.com https://cdn.dynamicyield.com https://cdnjs.cloudflare.com https://fonts.googleapis.com/css https://s3.amazonaws.com/gadventures/ https://service.force.com https://starling.crowdriff.com/css/ https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/leaflet.css https://use.fontawesome.com https://media.gadventures.com/media-server/; frame-ancestors 'self'; manifest-src https://media.gadventures.com; default-src 'none'; frame-src https://*.criteo.com https://*.facebook.com https://*.instagram.com https://app-ab06.marketo.com https://bid.g.doubleclick.net/xbbe/pixel https://cdn.walkme.com https://gadventures.qualtrics.com https://maps.google.com https://player.vimeo.com https://service.force.com https://static.criteo.net https://tpc.googlesyndication.com https://vars.hotjar.com https://widget.trustpilot.com https://www.awin1.com https://www.youtube.com; upgrade-insecure-requests; img-src 'self' blob: data: https://*.criteo.com https://*.criteo.net https://*.g.doubleclick.net https://*.gadventures.com https://*.outbrain.com https://bat.bing.com https://cdn.dynamicyield.com/api/8771071/images/ https://ct.pinterest.com https://cx.atdmt.com https://d3qvqlc701gzhm.cloudfront.net https://freecurrencyrates.com https://heapanalytics.com https://i.vimeocdn.com https://i.ytimg.com https://media-gadventures.global.ssl.fastly.net https://nypi.dc-storm.com https://pixel.quantserve.com https://starling.crowdriff.com https://static.filestackapi.com https://unpkg.com/leaflet@1.2.0/dist/images/ https://www.awin1.com https://www.clixgalore.com https://www.emjcd.com https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://www.zenaps.com/a/b.php https://media.gadventures.com/media-server/ https://www.google.com; media-src https://crowdriff-video-upload.s3.amazonaws.com https://media-gadventures.global.ssl.fastly.net https://www.gadventures.com https://media.gadventures.com/media-server/; connect-src 'self' https://*.dynamicyield.com https://*.filestackapi.com https://110-ail-152.mktoresp.com/webevents/ https://analytics.shareaholic.com https://api.maptiler.com https://ct.pinterest.com/user/ https://heapanalytics.com https://in.hotjar.com https://media.gadventures.com https://rest.gadventures.com https://sentry.io/api/126322/store/ https://starling.crowdriff.com/graphql https://stats.g.doubleclick.net https://trc.taboola.com https://upload.crowdriff.com https://vc.hotjar.io https://widget.trustpilot.com/data/jsonld/business-unit/ https://www.facebook.com/tr/ https://www.google-analytics.com https://www.shareaholic.net; font-src data: https://cdn.dynamicyield.com/onsite/fonts/ https://cdnjs.cloudflare.com https://fonts.gstatic.com https://freecurrencyrates.com https://k4z6w9b5.stackpathcdn.com https://media-gadventures.global.ssl.fastly.net https://s3.amazonaws.com/gadventures/ https://use.fontawesome.com https://media.gadventures.com/media-server/; form-action 'self' https://*.facebook.com 2
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-xUQcjHXkAfsqgYPp5eXPEjb+c/CcEfnvUxHuSLGcvrc='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 2
default-src 'none';  script-src 'self' https://www.googletagmanager.com;  connect-src 'self';  img-src 'self' https://no-cache.hubspot.com https://cdn.vidyard.com;  style-src 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; base-uri 'self'; form-action 'self'; font-source https://fonts.gstatic.com; connect-src https://settings.luckyorange.net 2
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; report-to content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; 2
font-src *.bootstrapcdn.com *.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.youtube.com *.hotjar.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.google.com *.google.fr *.facebook.net *.facebook.com *.pinterest.com personnaliser.c-monetiquette.fr 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.hotjar.com *.googletagmanager.com *.google-analytics.com *.trustpilot.com *.facebook.net *.pinimg.com googleads.g.doubleclick.net tag.aticdn.net img.metaffiliation.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.net *.facebook.com wgn.c-monetiquette.fr www.google-analytics.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 2
script-src 'nonce-gQprWPMFLBU7CbStuVwWpQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
frame-ancestors 'self'; report-uri https://csp-receiver.booking.com/csp_violation?type=report&tag=112&pid=3917154fc15900a0&e=UmFuZG9tSVYkc2RlIyh9YYYdGuViorKPwcG8SNnQAx-NpM3J9sPsSygcoPq01GUd&f=2&s=0; 1
default-src https: data: blob: android-webview-video-poster: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reports/; 1
report-uri https://www.yelp.com/csp_report_only?id=c17f6cad2f4f4cb2&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601006789; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src 'self' data: blob: *.tiktokcdn.com *.akamaized.net *.tiktok.com *.byteoversea.com *.ibytedtos.com *.tiktokcdn-in.com;connect-src *.google-analytics.com *.ibytedtos.com *.bytedanceapi.com *.tiktokv.com *.tiktok.com *.byteoversea.com *.tiktokcdn.com *.tiktokcdn-in.com *.hypstarcdn.com *.ipstatp.com *.bytedance.com;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.byteoversea.com *.ibytedtos.com *.ipstatp.com *.tiktok.com *.tiktokcdn-in.com *.tiktokcdn.com *.hypstarcdn.com *.googletagmanager.com *.google-analytics.com *.akamaized.com *.googleapis.com *.sgpstatp.com 'nonce-nF87DhVuMpwXfQFlsXH7v';style-src 'unsafe-inline' *.tiktokcdn.com *.tiktokcdn-in.com *.akamaized.net *.ibytedtos.com *.tiktok.com *.ipstatp.com *.ibyteimg.com *.googleapis.com;img-src data: *.akamaized.net *.tiktokcdn.com *.tiktokcdn-in.com *.ibytedtos.com *.ibyteimg.com *.tiktok.com *.hypstarcdn.com *.facebook.com *.google-analytics.com *.googletagmanager.com;frame-src *.tiktok.com;media-src blob: *.tiktok.com *.tiktokv.com *.tiktokcdn.com *.tiktokcdn-in.com *.akamaized.net *.ibyteimg.com *.ibytedtos.com;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=tiktok_web 1
default-src 'self' *.jimstatic.com data: 'unsafe-eval' 'unsafe-inline'; connect-src 'self' *.doubleclick.net *.facebook.net bat.bing.com *.google.com *.facebook.com *.jimstatic.com app.launchdarkly.com events.launchdarkly.com trc.taboola.com trc-events.taboola.com ct.pinterest.com *.google-analytics.com *.jimdo.com sessions.bugsnag.com *.jimdo-platform.net; font-src 'self' github.com  *.gstatic.com *.jimstatic.com data:; frame-src 'self' *.google.com *.huibvintges.com *.googlesyndication.com *.jimdo.com *.facebook.com; img-src 'self' *.google.ru *.google.com.pa *.adsrvr.org *.google.co.in *.google.co.jp *.google.it *.google.kg *.atdmt.com *.adsymptotic.com *.google.nl *.amazonaws.com *.tvsquared.com *.google.ch *.google.at *.jimcdn.com *.jimdo-server.com *.google.fr *.linkedin.com cds.taboola.com p1.zemanta.com *.doubleclick.net *.google-analytics.com *.google.de bat.bing.com tr.outbrain.com amplifypixel.outbrain.com *.facebook.com ct.pinterest.com *.google.com blob: data:; script-src 'self' *.crazyegg.com *.moatads.com *.jimdo.com *.bunchbox.co *.gstatic.com *.jimstatic.com *.jimdo-server.com *.facebook.com *.addthisedge.com statics.a8.net *.yahoo.co.jp *.googlesyndication.com *.addthis.com *.cloudflare.com *.tvsquared.com *.licdn.com *.amazonaws.com connect.facebook.net s.pinimg.com bat.bing.com amplify.outbrain.com cdn.taboola.com *.doubleclick.net trc.taboola.com *.googletagmanager.com *.google.com *.google-analytics.com *.googleadservices.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.jimcdn.com *.jimstatic.com 'unsafe-inline'; report-uri https://o378271.ingest.sentry.io/api/5201427/security/?sentry_key=b97b30d6fd6244419f1e761e6f6f319a 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com&source%5Bsection%5D=brochure&source%5Buuid%5D=20fb697dd33f94e3d1fc19c369b61915 1
script-src 'nonce-pk9ZPWAtPUNlTvZZt4N9Mg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/cacerts; base-uri 'none' 1
default-src 'self' data: blob: *.tiktokcdn.com *.akamaized.net *.tiktok.com *.byteoversea.com *.ibytedtos.com *.tiktokcdn-in.com;connect-src *.google-analytics.com *.ibytedtos.com *.bytedanceapi.com *.tiktokv.com *.tiktok.com *.byteoversea.com *.tiktokcdn.com *.tiktokcdn-in.com *.hypstarcdn.com *.ipstatp.com *.bytedance.com;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.byteoversea.com *.ibytedtos.com *.ipstatp.com *.tiktok.com *.tiktokcdn-in.com *.tiktokcdn.com *.hypstarcdn.com *.googletagmanager.com *.google-analytics.com *.akamaized.com *.googleapis.com *.sgpstatp.com 'nonce-pmMD8hOSHrVobzu1e7Ye4';style-src 'unsafe-inline' *.tiktokcdn.com *.tiktokcdn-in.com *.akamaized.net *.ibytedtos.com *.tiktok.com *.ipstatp.com *.ibyteimg.com *.googleapis.com;img-src data: *.akamaized.net *.tiktokcdn.com *.tiktokcdn-in.com *.ibytedtos.com *.ibyteimg.com *.tiktok.com *.hypstarcdn.com *.facebook.com *.google-analytics.com *.googletagmanager.com;frame-src *.tiktok.com;media-src blob: *.tiktok.com *.tiktokv.com *.tiktokcdn.com *.tiktokcdn-in.com *.akamaized.net *.ibyteimg.com *.ibytedtos.com;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=tiktok_web 1
default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self'; base-uri https: data:;  object-src 'self'; font-src https: data:; script-src 'nonce-f50d3f7e-e103-4d08-b171-1cd8e64e0efc' https: 'unsafe-inline' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp 1
script-src 'nonce-DvmlEid_GgONwhJCQFEp9A' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/www_google; base-uri 'none' 1
frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report; report-to csp-endpoint 1
script-src 'nonce-0TnG0M0XSE9bZcdexPB5LQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/www_google; base-uri 'none' 1
default-src 'self' ; img-src * data: ; script-src 'unsafe-eval' 'self' www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com tagmanager.google.com data: ; connect-src 'self' www.google-analytics.com ssl.google-analytics.com ; media-src 'self' ; style-src 'self' fonts.googleapis.com tagmanager.google.com ; font-src 'self' fonts.gstatic.com data: ; frame-ancestors 'none' ; report-uri https://csp-report.postgresql.org/ 1
object-src *.leboncoin.fr; frame-ancestors *.leboncoin.fr; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1
default-src * blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=131-2528913-6603119:rid=N5PA7CG13MP8QPQN35ZN:sn=www.audible.com 1
script-src 'self' 'unsafe-inline' 'nonce-wWVOWzdLTjlbyt20MeKhBW6i0EFNigps' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://cdn.botframework.com 'strict-dynamic' nonce-wWVOWzdLTjlbyt20MeKhBW6i0EFNigps; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://www.google-analytics.com http://*.vetsgov-internal https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content  ; form-action 'self' https://vicbdc.vba.va.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ; 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:;frame-src 'self' sinaweibo: weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn sinanews: sinanewslite: intent: se5bed38c567feb2a: sb5750862870e1cc2: sdc77698a60e45368: sb2623a3919ed77d3: s3d4cfbed31875e1c: sc876cbd9ae34e814: sdf08f19582289581: sc640c3792845ba3e: se8525a4dbfaa192b: sb5261983836bde16: sinablog: sinanewapmwebview: sinanewsdirect: sinafinance:; script-src 'self' 'unsafe-inline' 'unsafe-eval' weibo.com *.weibo.com weibo.cn *.weibo.cn sina.com.cn *.sina.com.cn sina.cn *.sina.cn *.sinaimg.cn *.qchannel03.cn *.qihucdn.com *.qhres.com *.sinajs.cn *.leju.com *.qq.com qzonestyle.gtimg.cn; report-uri https://logger.sina.cn/report; 1
default-src 'self'; base-uri 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-bjqw+x66As3OhfkISDTqXg=='; style-src 'self' http: https: 'unsafe-inline'; connect-src 'self' http: https: data:; media-src 'self' http: https: blob: data:; frame-ancestors app.optimizely.com; frame-src 8294363.fls.doubleclick.net 9355701.fls.doubleclick.net/ a5935064.cdn.optimizely.com app.optimizely.com b.company-target.com bid.g.doubleclick.net c1.adform.net www.facebook.com fast.wistia.com fast.wistia.net js.driftt.com platform.twitter.com rollouts-markitecture.herokuapp.com subscriptions.smartrecruiters.com www.slideshare.net events.bizzabo.com accounts.bizzabo.com; font-src 'self' data: https: *.amazonaws.com/optimizely-marketing-site-assets-prod du7782fucwe1l.cloudfront.net fonts.gstatic.com js.driftt.com; img-src data: http: https: cdn.optimizely.com maps.gstatic.com; plugin-types application/pdf; object-src 'none'; report-uri https://cspreporter.optimizely.com/report/f2ef3de9-4cc8-4389-9b7c-6347689923e0 1
block-all-mixed-content; object-src 'none'; frame-ancestors 'none'; report-uri https://sentry.io/api/148442/security/?sentry_key=48196e632bb14305ad3fe47c6570e363 1
script-src 'nonce-7yGy3exNfAt9ozUdHOcESA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self'; report-uri https://csp.yahoo.com/beacon/csp?src=fendr_www.flurry.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-5cfa0d0da32a875ac9099666aab26e13' 'sha384-7uqQfGVKWAthYOKjE4CToVZDjNGO+rxLDL5sFo1HUI3u+vwLmAinEM0/LcURoj1h' 'sha256-spTpc4lvj4dOkKjrGokIrHkJgNA0xMS98Pw9N7ir9oI=' 'sha384-4FS9nLDjKOPIgz/SgGvZV4C8RHHRyRP1Fb6ZW/XH/o8PFaviPmgzLc6kOS2GQ87x' 'sha384-3vojR0D/VZNPM9rutbkAQlVZeDVrc50TkyBVfVpqoZzVQpWA65x5mQXOij0vt2Cu' 'sha384-VI5+XuguQ/l3kUhh4knz7Hxptx47wpQbVRDnp8v7Vvuhzwn1PEYb/uvtH6KLxv6d' 'report-sample'; object-src 'none'; base-uri 'self'; connect-src https://doordash.com https://analytics.google.com https://api.amplitude.com https://ct.pinterest.com https://p.tvpixel.com https://api.segment.io https://bat.bing.com https://www.facebook.com https://sentry.io https://bam.nr-data.net https://page-service-qa.doordash.com https://page-service.doordash.com https://cdn.doordash.com https://tn.alphonso.tv https://s3-design-language-system.cdn4dd.com https://logx.optimizely.com https://*.optimizely.com https://www.google-analytics.com https://www.doordash.com https://stats.g.doubleclick.net https://www.google-analytics.com https://order.online https://*.order.online https://preview.trycaviar.com https://staging.trycaviar.com https://qa.trycaviar.com/ https://www.trycaviar.com https://trycaviar.com https://www.google.com https://client-analytics.braintreegateway.com https://api.braintreegateway.com https://payments.braintree-api.com https://wwww.google.ca https://wwww.google.com.au https://api.doordash.com https://api-consumer-client.doordash.com https://www.paypal.com; frame-ancestors 'self'; report-uri https://sentry.io/api/5175049/security/?sentry_key=c269bf7b8bc44929b43bbb29e11cece5&sentry_environment=prod; worker-src 'none' 1
img-src blob: data: https:; default-src data: blob: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://counter.drom.ru/report/ 1
script-src 'sha256-YmN7rUO5LaSTkdMqk4H8Yj8zgvXlWg0TPLNQiSOKCA0=' 'nonce-2EZbhBT4IWQ82nH4817q+Q==' 'self' 'unsafe-inline' https://note.com https://d291vdycu0ht11.cloudfront.net https://d2l930y2yx77uc.cloudfront.net https://polyfill.io https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com/firebasejs https://*.facebook.net https://platform.twitter.com https://*.twimg.com https://cdn.iframe.ly https://cdn.embedly.com https://*.tiktok.com https://*.tiktokcdn.com https://*.ibytedtos.com https://speakerdeck.com https://*.mul-pay.jp; object-src 'none'; base-uri 'self' 1
report-uri https://app.asana.com/-/csp_report; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.ads-twitter.com https://ajax.aspnetcdn.com https://bat.bing.com https://sjs.bizographics.com https://ct.capterra.com https://reveal.clearbit.com https://googleads.g.doubleclick.net https://ethn.io https://connect.facebook.net https://tracking.g2crowd.com https://www.google-analytics.com https://apis.google.com https://www.googleadservices.com https://*.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ssl.gstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.jotfor.ms https://form.jotform.us https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://accounts.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://luna1.co https://js.recurly.com https://search-api.swiftype.com https://s.swiftypecdn.com https://analytics.twitter.com https://platform.twitter.com https://fast.wistia.com https://fast.wistia.net https://www.youtube.com https://s.ytimg.com https://*.marketo.com https://*.marketo.net https://js.driftt.com/* 1
default-src 'none'; block-all-mixed-content; connect-src https://*.huffingtonpost.co.uk https://*.huffingtonpost.com 'self'; frame-ancestors 'none'; img-src 'self' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; media-src 'none'; script-src 'self' 'nonce-Es/eWITyEhrOERO0RAZFWPgyma+KSJMO' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; style-src 'self' 'nonce-Es/eWITyEhrOERO0RAZFWPgyma+KSJMO' https://s.yimg.com https://*.huffingtonpost.co.uk https://*.huffingtonpost.com; font-src 'self'; object-src 'none'; frame-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=guce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://website.amnesty.local:35729/ https://az416426.vo.msecnd.net/ http://dev.visualwebsiteoptimizer.com/ https://connect.facebook.net/ http://script.crazyegg.com/ http://maps.googleapis.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com http://*.civiccomputing.com/ http://*.hotjar.com http://www.google-analytics.com/; img-src * data:; style-src 'self' 'unsafe-inline' http://hello.myfonts.net/count/2c502a; report-uri /umbraco/api/contentsecuritypolicy/report/ 1
script-src 'unsafe-eval' blob: 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline' login.wikimedia.org; default-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org en.wikipedia.org en.wiktionary.org en.wikibooks.org en.wikiquote.org en.wikisource.org commons.wikimedia.org en.wikinews.org en.wikiversity.org www.wikidata.org species.wikimedia.org incubator.wikimedia.org en.wikivoyage.org login.wikimedia.org; style-src 'self' data: blob: upload.wikimedia.org https://commons.wikimedia.org meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org wikimedia.org 'unsafe-inline'; object-src 'none'; report-uri /w/api.php?action=cspreport&format=json&reportonly=1 1
default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=sph&d=2020-09-25 1
block-all-mixed-content; frame-ancestors 'self' https://*.rte.ie https://*.rtegroup.ie; report-uri https://rte.report-uri.com/r/t/csp/reportOnly 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 'report-sample' 'strict-dynamic' https://use.typekit.net 'nonce-xAGrOLCtVcPgC'; style-src 'self' 'unsafe-inline' 'report-sample'; font-src 'self'; img-src 'self' data: 'report-sample' https://s3.amazonaws.com https://eps.images.fr2.criticaljuncture.org https://private.images.fr2.criticaljuncture.org https://images.fr2.criticaljuncture.org https://lede-photos.fr2.criticaljuncture.org https://agency-logos.fr2.criticaljuncture.org https://public-inspection.fr2.criticaljuncture.org https://eps.images.federalregister.gov https://private.images.federalregister.gov https://images.federalregister.gov https://lede-photos.federalregister.gov https://agency-logos.federalregister.gov https://public-inspection.federalregister.gov https://www.google-analytics.com https://www.googletagmanager.com/; form-action 'self' 'report-sample' ; object-src 'none'; connect-src 'self' https://api.honeybadger.io https://www.google-analytics.com https://ekr.zdassets.com https://ofr.zendesk.com; frame-ancestors 'none'; base-uri 'none'; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=&env=production& 1
style-src 'self' 'unsafe-inline' web-assets.waze.com fonts.googleapis.com; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' web-assets.waze.com www.youtube.com www.googleadservices.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net s.ytimg.com ; report-uri https://csp.withgoogle.com/csp/waze/20191118_experiment; 1
frame-ancestors https://*.so-net.ne.jp http://*.so-net.ne.jp https://*.sonynetwork.co.jp https://*.sony.com https://*.sony.co.jp https://*.sonymobile.co.jp http://postpet.jp; report-uri /cgi-bin/csp-reports.cgi 1
connect-src 'self' 'unsafe-eval'  *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com *.sentry.io https://sentry.io report-sample;  default-src 'self' blob: data: *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com optimize.google.com *.google.com *.googleoptimize.com *.googletagmanager.com *.sentry.io https://sentry.io report-sample;  font-src 'self' 'unsafe-eval' data: *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com fonts.googleapis.com fonts.gstatic.com report-sample;  frame-src 'self'  *.facebook.com *.facebook.net connect.facebook.net *.geistm.com *.blackfire.pro  optimize.google.com *.google.com *.googleoptimize.com *.googletagmanager.com report-sample;  img-src 'self' data: blob: 'unsafe-inline' *; media-src 'self' data: blob: 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.typekit.net *.facebook.com *.facebook.net connect.facebook.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com optimize.google.com *.google.com *.googleoptimize.com *.sentry.io https://sentry.io report-sample;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  *.typekit.net *.facebook.com *.facebook.net connect.facebook.net *.facebook.com *.facebook.net connect.facebook.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com optimize.google.com *.google.com *.googleoptimize.com *.sentry.io https://sentry.io report-sample;  style-src 'self' 'unsafe-eval' 'unsafe-inline'  *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com fonts.googleapis.com fonts.gstatic.com optimize.google.com *.google.com *.googleoptimize.com report-sample;  style-src-elem 'self' 'unsafe-eval' 'unsafe-inline'  *.typekit.net *.fontawesome.com *.geistm.com *.blackfire.pro  *.googleapis.com *.googleadservices.com *.google.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.google.com fonts.googleapis.com fonts.gstatic.com optimize.google.com *.google.com *.googleoptimize.com report-sample;  block-all-mixed-content; report-uri https://sentry.io/api/2983595/security/?sentry_key=21fae161c11a42bb965ab8ccf544f1fd 1
frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: nj.gov healthapps.state.nj.us www-njlib.state.nj.us www.google.com lwdwebpt.dol.state.nj.us maps.arcgis.com www.state.nj.us public.govdelivery.com www.facebook.com syndication.twitter.com cse.google.com calendar.google.com www.nj.gov platform.twitter.com info.csc.state.nj.us www.youtube.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.credit-card-logos.com s7.addthis.com sdc.state.nj.us 77604.global.siteimproveanalytics.io www.googletagmanager.com code.jquery.com www.google-analytics.com 6019636.global.siteimproveanalytics.io www.nj.gov files.constantcontact.com clients1.google.com www.njsp.org myunemployment.nj.gov cdn.jsdelivr.net 1468.global.siteimproveanalytics.io www.googleapis.com ton.twimg.com www.google.com platform.twitter.com js.arcgis.com nj.gov abs.twimg.com translate.googleapis.com embedwistia-a.akamaihd.net njsuccess.dol.state.nj.us www.state.nj.us i.ytimg.com www.gstatic.com unpkg.com parvin03-e.njes.state.nj.us server.arcgisonline.com pbs.twimg.com syndication.twitter.com www.facebook.com maps.nj.gov 77497.global.siteimproveanalytics.io; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.nj.gov maxcdn.bootstrapcdn.com translate.google.com cse.google.com use.fontawesome.com cdn.syndication.twimg.com www.googletagmanager.com www.gstatic.com www.google-analytics.com njsuccess.dol.state.nj.us translate.googleapis.com sdc.state.nj.us cdn.jsdelivr.net www.google.com platform.twitter.com ajax.googleapis.com public.govdelivery.com unpkg.com code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com nj.gov siteimproveanalytics.com connect.facebook.net tools.cdc.gov; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: platform.twitter.com cdnjs.cloudflare.com use.fontawesome.com fonts.googleapis.com unpkg.com www.state.nj.us maxcdn.bootstrapcdn.com www.nj.gov nj.gov code.jquery.com use.typekit.net translate.googleapis.com js.arcgis.com njsuccess.dol.state.nj.us cdn.jsdelivr.net ton.twimg.com p.typekit.net stackpath.bootstrapcdn.com www.google.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: search.nj.gov public.govdelivery.com www.njlottery.com stats.g.doubleclick.net c.statcounter.com www.nj.gov embedwistia-a.akamaihd.net njwebmap.state.nj.us www.google-analytics.com fg8vvsvnieiv3ej16jby.litix.io www.facebook.com translate.googleapis.com maps.nj.gov; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com nj.gov js.arcgis.com www.nj.gov use.fontawesome.com use.typekit.net cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com; form-action  www.state.nj.us syndication.twitter.com nj.gov www.nj.gov platform.twitter.com search.state.nj.us; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: nj.gov embedwistia-a.akamaihd.net; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.state.nj.us; report-uri /csp_report 1
default-src 'self';style-src 'self' 'unsafe-inline' dev.g.alicdn.com g.alicdn.com at.alicdn.com *.test.youku.com *.taobao.net webapi.amap.com;script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.dingtalk.com *.cnzz.com *.alicdn.com market.wapa.taobao.com g.alicdn.com dev.g.alicdn.com ynuf.alipay.com log.mmstat.com s.tbcdn.cn vip.laiwang.com wswukong.laiwang.com local.alipcsec.com:6691 *.taobao.net cfd.aliyun.com restapi.amap.com webapi.amap.com retcode.alicdn.com cfall.aliyun.com gw.alipayobjects.com ynuf.aliapp.org;connect-src 'self' *.dingtalk.com ynuf.alipay.com dev.g.alicdn.com g.alicdn.com retcode.taobao.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com arms-retcode.aliyuncs.com arms-retcode.aliyuncs.com ynuf.aliapp.org px-intl.ucweb.com px.ucweb.com gm.mmstat.com preview-lippi-space-zjk.oss-accelerate.aliyuncs.com wgo.mmstat.com;frame-src 'self' h5.m.taobao.com qiye.aliyun.com log.laiwang.com dev.g.alicdn.com g.alicdn.com login.dingtalk.com login2.dingtalk.com *.dingtalk.com mailsso.mxhichina.com wvjbscheme: alipaybridge: alipaymonitor: mmstat.alicdn.com res.mmstat.com ynuf.aliapp.org;font-src 'self' at.alicdn.com dev.g.alicdn.com g.alicdn.com data: *.taobao.net i.alicdn.com;img-src 'self' data: *.dingtalk.com *.aliimg.com *.alicdn.com *.mmstat.com ynuf.alipay.com arms-retcode.aliyuncs.com pin.aliyun.com fourier.alibaba.com retcode.taobao.com *.cnzz.com dingtalk-cspase-sh.oss-cn-shanghai.aliyuncs.com dingtalk-cspase-sz.oss-cn-shenzhen.aliyuncs.com restapi.amap.com kcart.alipay.com preview-lippi-space-zjk.oss-cn-zhangjiakou.aliyuncs.com px-intl.ucweb.com px.ucweb.com;media-src 'self' *.dingtalk.com cloud.video.taobao.com videocdn.taobao.com tbm-auth.alicdn.com dev.g.alicdn.com g.alicdn.com;report-uri https://csp.dingtalk.com/csp; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /1/apitun/security/csp-report; 1
block-all-mixed-content; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://cms.fordham.edu https://assets.fordham.edu https://bat.bing.com/bat.js https://us2.siteimprove.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.adhigh.net/p.js https://px.ads.linkedin.com https://scripts.ninjacat.io https://snap.licdn.com https://www.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://px.adhigh.net https://s.ytimg.com https://scripts.mymarketingreports.com https://libraryh3lp.com https://ds-aksb-a.akamaihd.net https://www.linkedin.com https://dc.ads.linkedin.com https://lgapi.libapps.com https://fw.cdn.technolutions.net https://cdn.syndication.twimg.com https://mx.technolutions.net https://synch.optimatic.com https://slate-technolutions-net.cdn.technolutions.net https://secure.adnxs.com https://consent.trustarc.com https://consent.truste.com https://platform.twitter.com https://gradadmissions.fordham.edu https://go.activecalendar.com;  report-uri https://jaduuat.fordham.edu/site/custom_scripts/fordham_csperrors.php 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:;style-src https: 'unsafe-inline';connect-src https:;frame-src https: easy-js:;script-src 'unsafe-eval' 'unsafe-inline' https: blob: data:;font-src https: data:;img-src https: data:;media-src https: blob:;report-uri https://collector.schibsted.io/api/v1/csp/aftonbladet/publishing/pro 1
connect-src *; frame-src *; img-src https: data: blob: about: safari-extension: safari-resource: chrome-extension:; worker-src blob: https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; report-uri https://pro2-view.myportfolio.com/v1/errors/csp 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri /csp-report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sheknows.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' *.concur.com *.concursolutions.com *.concurcdc.cn *.sap.com *.concurmessaging.com *.akamaihd.net *.akamaitechnologies.com *.deploy.akamaitechnologies.com *.deploy.static.akamaitechnologies.com *.googletagmanager.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.stats.g.doubleclick.net *.trustarc.com *.prefmgr-cookie.truste-svc.net *.walkme.com *.glancecdn.net *.glance.net *.s3.amazonaws.com s3.amazonaws.com *.salesforceliveagent.com *.cloud.sap *.ondemand.com *.ridecharge.com *.newrelic.com 'unsafe-inline' 'unsafe-eval';report-uri /nui/signin/report-violation 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; report-uri https://csp.tmcdn.co.nz/report 1
default-src https: 'unsafe-inline'; img-src blob: data: https:; report-uri /csp-violation-report 1
script-src 'nonce-FjdIC6NOVShjGkfNdEi9vQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/googleorg; base-uri 'none' 1
script-src 'report-sample' 'nonce-mB2ZN1AC5OcoQy+Yqo7b2w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/geo-discussion-forums-dispatch/ 1
default-src https:; base-uri 'self'; script-src 'unsafe-inline' https: 'nonce-eDEQIw24q+MdWA==' 'strict-dynamic' 'unsafe-eval' *.zulily.com 'report-sample'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: blob:; object-src 'none'; block-all-mixed-content; report-uri https://productreviews-ext.prod.store.aws.z8s.io/csp-report-violations-report-only; 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.googleapis.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
script-src 'self' https://d3sq5bmi4w5uj1.cloudfront.net ajax.googleapis.com https://ie7-js.googlecode.com https://cdnjs.cloudflare.com connect.facebook.net uhf.microsoft.com c.microsoft.com cs.microsoft.com c.s-microsoft.com platform.twitter.com 'sha256-l9ZHmyP+aSQUbzDsO0Z5mU5KmeKTw7h+LYWUCcvjK/o=' 'sha256-PaS0gCgkEvlXwzUjXAo0jysAvDXOc3iIttQamgrvXk0=' 'sha256-LJOONddNtIMPVfcLsFATXyL4P23f3znxXz4FxYemkxI=' 'sha256-9iOvn7LxDLljYZpLeETJMw2obbWSDMr5bD4EvVwobT8=' 'sha256-0E0vDUBHZEKS2e6EIVqnrTnKVNyC9EkRVPrg1eYPjfk=' 'sha256-qKAjO5ncQUIDDV6E+i9Ki0B02qMSMSYn7Qz3CCeUadA=' 'sha256-e+Muvfq9cFCKaGyU2s/dw33x7jyiRjzSxMMWigxtces=' 'sha256-X13pZMYtfc8rLgpPU27DRu9ogdGOie2/WSSRXrvb4qw=' 'sha256-qBq7Yi1crTUnQMu1SOv+OLIkSbFYKoUR5uEZmtGdr18=' 'sha256-3lrmNAZ6kNZZTLuCfq9dwAOOuM3LB25Zw3lZQb6u5mA=' 'sha256-4yQMvgCymLvSmnCJ3fBR7j5ULSCezuYQiYkcA5JNVEY=' 'sha256-ktmU5paXGPR9mdN2uSWY55YcgQeImJRGVoRPrUQgASY=' 'sha256-MA2y0MDJ4KekIetpCUKmHXxHGlTrzqzVnitomCSNO14=' 'sha256-SeFjbS0LfxHLZ4dSTKm3BJQLbYE7L30x+Dieoa6QQwM=' 'sha256-SCdeHAIyndSsvnKndC84UH7e8hWXZfGZi1sXICbMEfM=' 'sha256-H/0P7dZMBnkxNkAxjKwW4ZkIbOu+jUatI5iXj220Mzw=' 'sha256-K2eMQjiqAXlEEKU1OI//ND8SNuV5nMOGNBQxtt0fK+g=' 'sha256-teb0gd16eHO96p+TWUf4Qk9ED1HJmiBTon8ooUoBh00=' 'sha256-Kdb1cN+XVz5wzuxh0LQlnyRgRjSv4+NQJ0c57mBi0pc=' 'sha256-dc0kLiLbea/nrL24ZXilOuRrs2VzRffX05RSQdgHUsU=' 'sha256-LjreJQqJjPxAIN/hThhUIWTziFE4758qAZp8fvAjruM=' 'sha256-o62lg6aR4njGCW/O+wQfymrm7gCZOXINNMAQNuD1VGM=' 'sha256-j3H8aCmyA0faDUoXS4euhLBRHBatCYqsLfaeZoZ86RQ='; style-src 'self' 'unsafe-inline' d3sq5bmi4w5uj1.cloudfront.net uhf.microsoft.com c.s-microsoft.com; img-src 'self' syndication.twitter.com analytics.twitter.com t.co uhf.microsoft.com c.microsoft.com *.facebook.com d3sq5bmi4w5uj1.cloudfront.net images.mxpnl.com wdgcdn.azureedge.net asgcdn.azureedge.net; frame-src *.facebook.com platform.twitter.com c1.microsoft.com c.bing.com; font-src 'self' data:; report-uri https://csp.skype.com 1
default-src 'none'; report-uri https://csp-report.wwnorton.com; connect-src 'self' https://appservices.wwnorton.com; frame-ancestors 'self'; font-src 'self'  https://fonts.googleapis.com; style-src 'self' https://cloud.typography.com https://dsbst55b1909i.cloudfront.net; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://static.wwnorton.com https://storage.googleapis.com; img-src 'self' https://www.google-analytics.com https://appservices.wwnorton.com https://cdn.wwnorton.com https://diqp43fm0w6zs.cloudfront.net  https://stats.g.doubleclick.net; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=9fe32dbf2318fc629611684307265da0 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://us-central1-shinesumoplus.cloudfunctions.net/report-uri 1
default-src 'none'; connect-src https://caligraph.youcanbook.me/ https://in.hotjar.com/ https://realtime.youcanbook.me/ https://www.google-analytics.com wss://realtime.youcanbook.me/ https://stats.g.doubleclick.net 'self'; font-src https://fonts.gstatic.com/ https://static.hotjar.com/ data: 'self'; frame-src https://homepage.youcanbook.me/ https://vars.hotjar.com/ https://www.youtube.com/; img-src https://static.hotjar.com https://www.google-analytics.com/ https://www.gstatic.com/ https://zapier.com/ https://cdn.zapier.com/ data: 'self'; manifest-src 'self' ; script-src https://www.google-analytics.com/ https://*.doubleclick.net/ https://realtime.youcanbook.me/ https://s.ytimg.com/ https://*.hotjar.com/ https://www.youtube.com/ https://zapier.com/ 'unsafe-eval' 'unsafe-inline' 'self'; media-src 'self'; style-src https://fonts.googleapis.com/ 'unsafe-inline' 'self'; 1
connect-src 'self' https://*.ee.co.uk https://ee.co.uk https://ee-outage.s3.amazonaws.com https://everythingeverywhere.tt.omtrdc.net https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://*.online-metrix.net https://*.lpsnmedia.net https://*.demdex.net https://*.criteo.net https://*.criteo.com https://ee-tagging.s3.amazonaws.com https://*.liveperson.net https://*.tt.omtrdc.net https://a.optmnstr.com https://api.opmnstr.com https://*.tags.tiqcdn.com https://t.co https://*.facebook.com https://*.facebook.net https://bat.bing.com https://ee-dtp-static.s3.amazonaws.com https://*.twitter.com https://*.reevoo.com https://*.ads-twitter.com https://static.queue-it.net https://*.gstatic.com https://*.googleadservices.com https://imp2.nowinteract.com https://decibelinsight.net https://www.googleapis.com https://btbusiness.d1.sc.omtrdc.net https://i.salecycle.com https://www.googletagmanager.com https://translate.googleapis.com https://myaccount.ee.co.uk https://*.akamaihd.net https://cdn.decibelinsight.net https://api.uniqodo.com https://ws.sessioncam.com https://dpm.demdex.net https://ajax.googleapis.com https://btbsecure.business.bt.com https://wmstatic.global.ssl.fastly.net https://skynet.reevoo.com https://code.jquery.com https://ee.15gifts.com wss://cdn.decibelinsight.net;default-src 'self' https://ee.co.uk https://*.ee.co.uk;frame-src 'self' https://*.ee.co.uk https://ee.co.uk https://*.doubleclick.net https://*.lpsnmedia.net https://*.demdex.net https://*.criteo.net https://*.criteo.com https://*.google.com https://*.facebook.com https://*.facebook.net https://plugin.monotote.com https://server.lon.liveperson.net https://saltcdn2.googleapis.com https://ee.real-digital.co.uk https://syndication.twitter.com https://www.youtube.com https://ee.cloud-iq.com https://d16fk4ms6rqz1v.cloudfront.net https://platform.twitter.com https://*.akamaihd.net https://ee-embedded.myunidays.com https://3796688.fls.doubleclick.net https://www.myunidays.com https://lo.tokenizer.liveperson.net https://tpc.googlesyndication.com https://saltcdn2.instagram.com https://social.hotukdeals.com https://gateway.zscalerone.net https://prod-browsext.pricesearcher.com https://app.wizdom.ai https://noop.style https://www.hotukdeals.com https://sitecatalyst.omniture.com https://authorize.omniture.com https://lo.v.liveperson.net;media-src 'self' https:;img-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ee.co.uk https://ee.co.uk https://*.doubleclick.net https://track.uniqodo.com https://*.criteo.net https://*.criteo.com https://a.optmnstr.com https://*.tt.omtrdc.net https://*.facebook.net https://*.liveperson.net https://*.tags.tiqcdn.com https://ee-tagging.s3.amazonaws.com https://ee-dtp-static.s3.amazonaws.com https://*.twitter.com https://bat.bing.com https://*.cloudfront.net https://www.googleadservices.com https://*.google-analytics.com https://static.ads-twitter.com https://static.queue-it.net https://eeuk.queueit.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://www.googletagmanager.com https://bat.bing.com https://ee.cloud-iq.com https://tags.tiqcdn.com https://rules.quantcount.com https://www.dwin1.com https://adobedtm.com https://*.adobedtm.com https://ads.avocet.io https://ct.pinterest.com https://resources.digital-cloud-uk.medallia.eu https://nebula-cdn.kampyle.com https://cdn.nowinteract.com https://sc-static.net https://vip.timezonedb.com https://medallia.eu https://track.adform.net https://cm.everesttech.net https://plugin.monotote.com https://www.youtube.com https://snap.licdn.com https://s.ytimg.com https://ee.15gifts.com https://btbusiness.d1.sc.omtrdc.net https://www.googleadservices.com https://gdata.youtube.com https://bat.bing.com https://secure.quantserve.com https://px.ads.linkedin.com https://vimeo.com https://connect.facebook.net https://ee-tagging.s3.amazonaws.com https://www.linkedin.com https://cdn.syndication.twimg.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.zenaps.com https://lptag.liveperson.net https://d2oh4tlt9mrke9.cloudfront.net https://twitter.com https://cdn.decibelinsight.net https://assets.revlifter.io https://*.akamaihd.net https://ee.cloud-iq.com https://platform.twitter.com https://www.googletagmanager.com https://www.dwin1.com https://smetrics.ee.co.uk https://rialto-gms.s3.amazonaws.com https://tpc.googlesyndication.com https://vimeo.com https://beta.mybetterdl.com https://rules.quantcount.com https://ws.sessioncam.com https://decibelinsight.net https://analytics.twitter.com https://cdn.walkme.com https://static.ads-twitter.com https://c.cnzz.com https://*.lpsnmedia.net https://cdnjs.cloudflare.com https://p0.mycdn.co https://mark.reevoo.com https://p294588.clksite.com;object-src 'self' https://ee.co.uk https://*.ee.co.uk;style-src 'self' https: 'unsafe-inline';font-src 'self' https:;  report-uri https://1720a10za5.execute-api.eu-west-1.amazonaws.com/csp 1
child-src https:; connect-src https: wss:; font-src data: https:; frame-src https:; img-src blob: data: https:; media-src blob: data: https:; object-src 'self' https://*.app-eu.wrike.com https://*.wrike.com https://*.www.wrike.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://youtube.com; script-src 'unsafe-eval' 'unsafe-inline' data: https://*.6sc.co https://*.app-eu.wrike.com https://*.bizographics.com https://*.google-analytics.com https://*.linkedin.com https://*.marketo.com https://*.marketo.net https://*.twitter.com https://*.wrike.com https://*.www.wrike.com https://*.yandex.ru https://api.greenhouse.io https://api.pinterest.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://c.disquscdn.com https://cdn.onesignal.com https://cdn.ravenjs.com https://cdn.syndication.twimg.com https://commondatastorage.googleapis.com/code.snapengage.com/js/ https://connect.facebook.net https://d.adroll.com https://d10b6odojqpx09.cloudfront.net https://d1c5qktmphn2d.cloudfront.net https://d1foz7ea1n9ap6.cloudfront.net https://d28rj2ujhq2ikj.cloudfront.net https://d3rnld1uo6kgq2.cloudfront.net https://d3tvpxjako9ywy.cloudfront.net https://disqus.com https://fast.wistia.com https://fast.wistia.net https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1056104813/ https://i.simpli.fi https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js https://onesignal.com https://pixel.mathtag.com https://px.airpr.com/airpr.js https://s.adroll.com https://s3.amazonaws.com/r.kissinsights.com/ https://secure.adnxs.com https://snap.licdn.com https://src.litix.io/core/2/mux.js https://sslwidget.criteo.com https://static.ads-twitter.com https://static.criteo.net https://track-mv.com https://turbo.qualaroo.com https://vidassets.terminus.services https://vk.com https://wrike.disqus.com https://wrike.influitive.com https://www.google.com https://www.google.ru https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.snapengage.com/; style-src 'unsafe-inline' data: https:; default-src 'self'; report-uri https://csp.wrike.com/csp-report?website 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' s.ytimg.com gfmcharity.wpengine.com *.gofundme.com *.crowdrise.com unpkg.com unpkg.com/react-dom@16.12.0/umd/react-dom.production.min.js unpkg.com/react@16.12.0/umd/react.production.min.js *.hs-growth-metrics.com *.hsadspixel.net *.hubapi.com seal.verisign.com cdn.datatables.net js.hscta.net forms.hsforms.com code.jquery.com *.greenhouse.io *.googletagmanager.com www.google.com www.googletagmanager.com/gtm.js?id=GTM-TDTFTZ ssl.google-analytics.com/ga.js *charity.gofundme.com  *.newrelic.com *.nr-data.net *.swiftype.com *.outbrain.com *.digicert.com *.polyfill.io *.swiftypecdn.com *.typekit.net  *.bootstrapcdn.com *.jsdelivr.net *.hsforms.net *.youtube-nocookie.com *.youtube.com  *.optimizely.com *.mxpnl.com *.cloudflare.com *.hsforms.net *.gstatic.com *.googleapis.com *.amazonaws.com *.mixpanel.com *.hs-scripts.com www.googleadservices.com *.adroll.com *.google.com *.gigya.com *.twitter.com *.ziggeo.com *.hubspot.com *.doubleclick.net *.facebook.com *.facebook.net static.ads-twitter.com bat.bing.com *.hsleadflows.net *.hs-analytics.net *.linkedin.com *.yahoo.com *.google-analytics.com *.alooma.com *.bizographics.com *.crowdrise.com *.licdn.com cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js twitter.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' * data:; connect-src 'self' google.com googletagmanager.com bat.bing.com *.crowdrise.com api.amplitude.com *.facebook.com analytics.google.com assets-charity.gofundme.com *.mixpanel.com *.hubapi.com *.hubspot.com *.alooma.com *.nr-data.net *.ziggeo.com *.twitter.com *.optimizely.com *.doubleclick.net *.google-analytics.com *.typekit.net api.amplitude.com *.facebook.com analytics.google.com; img-src 'self' https: data:;  report-uri https://28rqy7ini0.execute-api.us-west-1.amazonaws.com/prod 1
default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tvsquared.com *.wargaming.net https://*.taboola.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://yandex.st https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://connect.ok.ru https://*.vk.com https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.criteo.com https://*.vihub.ru https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.tvsquared.com *.taboola.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://stats.g.doubleclick.net https://*.yandex.ru https://*.yandex.net https://*.yandex.ua https://*.yandex.by https://*.yandex.kz https://*.yandex.com.tr http://*.yandex.ru http://*.yandex.net http://*.yandex.ua http://*.yandex.by http://*.yandex.kz http://*.yandex.com.tr https://*.yandex.st https://*.yandex.com https://*.yandex.fr https://graph.facebook.com https://*.addthis.com https://*.google-analytics.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.googleapis.com https://stackadapt.com *.yimg.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://yastatic.net https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1
upgrade-insecure-requests;default-src 'self'  'nonce-ZDsx0m78cjw=' 'unsafe-inline' 'unsafe-eval' biz-file.com *.google-analytics.com *.effectivemeasure.net *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.googleapis.com *.gstatic.com *.googleadservices.com  adservice.google.com adservice.google.co.za cdn.ampproject.org cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js *.iono.fm;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com cdnjs.cloudflare.com/ajax/libs/font-awesome;font-src 'self' data: *.gstatic.com;img-src 'self' data: biz-file.com *.google-analytics.com *.effectivemeasure.net *.doubleclick.net *.googlesyndication.com www.google.com;frame-ancestors 'self' *.iono.fm; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
report-uri https://www.yelp.com/csp_report_only?id=bedbbefbda9d06a5&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601013324; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: www.pkobp.pl; style-src 'self' 'unsafe-inline'; font-src 'self'; report-uri /ikd_img/skins/ipko/grcv; 1
frame-ancestors 'self'; default-src 'self' https://tpc.googlesyndication.com/safeframe/; connect-src 'self' https://*.abcya.com https://*.playwire.com https://csi.gstatic.com https://dt.clnmde.com https://kinesis.us-east-1.amazonaws.com https://www.google-analytics.com https://*.media.net https://*.googlesyndication.com https://*.doubleclick.net https://*.arcademics.com wss://*.arcademics.com; font-src 'self' https://*.media.net https://d33wubrfki0l68.cloudfront.net https://fonts.gstatic.com https://*.arcademics.com; frame-src 'self' blob: https://cdn.intergi.com https://*.playwire.com https://*.stripe.com https://*.abcya.com https://pxlclnmdecom-a.akamaihd.net https://*.googlesyndication.com https://*.doubleclick.net https://www.google.com; img-src 'self' data: https://*.arcademics.com https://*.net https://*.abcya.com https://cdn.intergi.com https://*.playwire.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://dt.clnmde.com https://www.googletagmanager.com https://*.doubleclick.net https://intergi-phoenix.s3.amazonaws.com https://px.moatads.com https://*.googlesyndication.com https://www.google-analytics.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.kidsafeseal.com https://s02mdn.net/; media-src 'self'; object-src https://*.abcya.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://adservice.google.com https://cdn.ampproject.org https://cdn.intergi.com https://cdn.intergient.com https://*.playwire.com https://*.media.net https://d33wubrfki0l68.cloudfront.net https://*.stripe.com https://mb.moatads.com https://pxlclnmdecom-a.akamaihd.net https://*.doubleclick.net https://*.arcademics.com https://*.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googletagservices.com https://www.gstatic.com https://z.moatads.com; style-src 'self' 'unsafe-inline' https://cdn.intergi.com https://d33wubrfki0l68.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com; report-uri https://www.ixl.com/actions/csp/report-abcya; report-to csp-endpoint; 1
script-src 'nonce-wXt7PVOKNZVIf1GsdFRXZA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/chrome; base-uri 'none' 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com translate.googleapis.com stackpath.bootstrapcdn.com nj.gov njsuccess.dol.state.nj.us cse.google.com use.fontawesome.com ajax.googleapis.com code.jquery.com connect.facebook.net tools.cdc.gov cdn.syndication.twimg.com public.govdelivery.com www.google-analytics.com siteimproveanalytics.com translate.google.com cdnjs.cloudflare.com clients1.google.com platform.twitter.com www.nj.gov maxcdn.bootstrapcdn.com www.gstatic.com cdn.jsdelivr.net unpkg.com www.googletagmanager.com sdc.state.nj.us; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com translate.googleapis.com js.arcgis.com stackpath.bootstrapcdn.com use.typekit.net njsuccess.dol.state.nj.us nj.gov fonts.googleapis.com www.state.nj.us ton.twimg.com cdn.jsdelivr.net use.fontawesome.com platform.twitter.com cdnjs.cloudflare.com code.jquery.com www.nj.gov maxcdn.bootstrapcdn.com p.typekit.net unpkg.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: unpkg.com nj.gov www.nj.gov js.arcgis.com use.fontawesome.com fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net use.typekit.net; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.state.nj.us; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: stats.g.doubleclick.net c.statcounter.com search.nj.gov www.njlottery.com www.nj.gov public.govdelivery.com www.facebook.com maps.nj.gov translate.googleapis.com fg8vvsvnieiv3ej16jby.litix.io www.google-analytics.com njwebmap.state.nj.us embedwistia-a.akamaihd.net; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: embedwistia-a.akamaihd.net nj.gov; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: public.govdelivery.com cse.google.com platform.twitter.com syndication.twitter.com info.csc.state.nj.us www.state.nj.us www-njlib.state.nj.us maps.arcgis.com www.nj.gov www.facebook.com www.youtube.com www.google.com nj.gov lwdwebpt.dol.state.nj.us calendar.google.com healthapps.state.nj.us; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: js.arcgis.com nj.gov abs.twimg.com www.google.com i.ytimg.com embedwistia-a.akamaihd.net njsuccess.dol.state.nj.us maps.nj.gov translate.googleapis.com parvin03-e.njes.state.nj.us www.gstatic.com unpkg.com www.state.nj.us clients1.google.com www.nj.gov syndication.twitter.com www.facebook.com pbs.twimg.com server.arcgisonline.com 77497.global.siteimproveanalytics.io www.google-analytics.com www.credit-card-logos.com ton.twimg.com cdn.jsdelivr.net www.googletagmanager.com s7.addthis.com sdc.state.nj.us 77604.global.siteimproveanalytics.io phil.cdc.gov code.jquery.com 6019636.global.siteimproveanalytics.io files.constantcontact.com www.googleapis.com platform.twitter.com www.njsp.org myunemployment.nj.gov 1468.global.siteimproveanalytics.io translate.google.com; form-action  platform.twitter.com syndication.twitter.com search.state.nj.us nj.gov www.nj.gov www.state.nj.us; report-uri /csp_report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://tvline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-NjAxODgzOTk2LDM3Mzg0NTc5ODk='; report-uri https://exceptions.hubspot.com/csp/report?version=6; 1
default-src 'none'; base-uri 'self' docs.helpscout.net; block-all-mixed-content; child-src 'self' assets.braintreegateway.com c.paypal.com www.youtube.com player.vimeo.com fast.wistia.net moz-extension://* chrome-extension://*; connect-src 'self' api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.paypal.com www.google-analytics.com connect.facebook.net www.facebook.com ysxtsrzt2b4s.statuspage.io rescuetime.helpscoutdocs.com secure.helpscout.net api.ipify.org beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net *.sumologic.com sentry.io wss: wss://*.pusher.com slack.com github.com exist.io accounts.automatic.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: fonts.gstatic.com app.vwo.com; form-action 'self' *.welltory.com; frame-ancestors moz-extension://* chrome-extension://*; frame-src 'self' assets.braintreegateway.com *.paypal.com djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net platform.twitter.com www.googletagmanager.com www.google.com tst.kaptcha.com ssl.kaptcha.com www.youtube.com moz-extension://* chrome-extension://* ifttt.com *.vimeo.com app.vwo.com; img-src 'self' data: assets.braintreegateway.com *.paypal.com platform.twitter.com pbs.twimg.com www.google-analytics.com connect.facebook.net *.facebook.com d33v4339jhl8k0.cloudfront.net moz-extension://* chrome-extension://* via.placeholder.com ifttt.com api.producthunt.com zapier.com cdn.zapier.com *.visualwebsiteoptimizer.com app.vwo.com track.customer.io; manifest-src 'self'; media-src 'self' beacon-v2.helpscout.net; object-src 'self' djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net cdn.ravenjs.com platform.twitter.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com zapier.com connect.facebook.net dev.visualwebsiteoptimizer.com app.vwo.com cdn.rawgit.com player.vimeo.com assets.customer.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net djtflbt20bdde.cloudfront.net app.vwo.com; worker-src blob:; report-uri https://www.rescuetime.com/csp-report 1
default-src 'self' data: blob: *.tiktokcdn.com *.akamaized.net *.tiktok.com *.byteoversea.com *.ibytedtos.com *.tiktokcdn-in.com;connect-src *.google-analytics.com *.ibytedtos.com *.bytedanceapi.com *.tiktokv.com *.tiktok.com *.byteoversea.com *.tiktokcdn.com *.tiktokcdn-in.com *.hypstarcdn.com *.ipstatp.com *.bytedance.com;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.byteoversea.com *.ibytedtos.com *.ipstatp.com *.tiktok.com *.tiktokcdn-in.com *.tiktokcdn.com *.hypstarcdn.com *.googletagmanager.com *.google-analytics.com *.akamaized.com *.googleapis.com *.sgpstatp.com 'nonce-TXjAkJRflJ57OLBTx9L0Z';style-src 'unsafe-inline' *.tiktokcdn.com *.tiktokcdn-in.com *.akamaized.net *.ibytedtos.com *.tiktok.com *.ipstatp.com *.ibyteimg.com *.googleapis.com;img-src data: *.akamaized.net *.tiktokcdn.com *.tiktokcdn-in.com *.ibytedtos.com *.ibyteimg.com *.tiktok.com *.hypstarcdn.com *.facebook.com *.google-analytics.com *.googletagmanager.com;frame-src *.tiktok.com;media-src blob: *.tiktok.com *.tiktokv.com *.tiktokcdn.com *.tiktokcdn-in.com *.akamaized.net *.ibyteimg.com *.ibytedtos.com;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=tiktok_web 1
script-src 'self' *.edpuzzle.com 'unsafe-inline' 'unsafe-eval' latex.codecogs.com *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.ytimg.com *.soundcloud.com *.zendesk.com cdnjs.cloudflare.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com; style-src 'self' *.edpuzzle.com 'unsafe-inline' maxcdn.bootstrapcdn.com latex.codecogs.com d1htrclywvryi1.cloudfront.net fonts.googleapis.com; report-uri /api/v3/violations/csp 1
default-src blob: data: https: 'self' wss:; script-src blob: data: https: 'self' wss: 'unsafe-eval' 'unsafe-inline'; style-src blob: data: https: 'self' wss: 'unsafe-inline'; report-uri https://everlane.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self'; worker-src blob: 'unsafe-inline' 'unsafe-eval' https: http: 'self';connect-src * data: 'self';frame-src http://*.pitchbook.local http://*.wistia.com http://*.jobvite.com http://*.ceros.com http://www.facebook.com https: mailto: tel: ms-appx-web: blob: 'self'; img-src * data: blob: 'self' android-webview-video-poster:; media-src * blob: 'self'; style-src http://*.pitchbook.com http://*.googleapis.com http://*.webspellchecker.net http://*.dynamicyield.com https: 'unsafe-inline' 'self'; font-src http://*.dynamicyield.com http://*.webspellchecker.net http://fonts.gstatic.com https: data: blob: 'self' http://themes.googleusercontent.com chrome-extension: localhost:3000;report-uri /csp/submit 1
object-src 'none';base-uri 'self';script-src 'nonce-ybvlIJSoQ9DkIByf7X+m' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
default-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri https://investorplace.com/wp-content/plugins/mixed-content-logging/report-uri/mcl-uri.php 1
default-src 'self'; report-uri https://csp.yahoo.com/beacon/csp?src=fendr_developer.yahoo.com 1
default-src https://www.spamhaus.org https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' data: blob: *.tiktokcdn.com *.akamaized.net *.tiktok.com *.byteoversea.com *.ibytedtos.com *.tiktokcdn-in.com;connect-src *.google-analytics.com *.ibytedtos.com *.bytedanceapi.com *.tiktokv.com *.tiktok.com *.byteoversea.com *.tiktokcdn.com *.tiktokcdn-in.com *.hypstarcdn.com *.ipstatp.com *.bytedance.com;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.byteoversea.com *.ibytedtos.com *.ipstatp.com *.tiktok.com *.tiktokcdn-in.com *.tiktokcdn.com *.hypstarcdn.com *.googletagmanager.com *.google-analytics.com *.akamaized.com *.googleapis.com *.sgpstatp.com 'nonce-TNzXRDzTnPIDgZX-OtGCw';style-src 'unsafe-inline' *.tiktokcdn.com *.tiktokcdn-in.com *.akamaized.net *.ibytedtos.com *.tiktok.com *.ipstatp.com *.ibyteimg.com *.googleapis.com;img-src data: *.akamaized.net *.tiktokcdn.com *.tiktokcdn-in.com *.ibytedtos.com *.ibyteimg.com *.tiktok.com *.hypstarcdn.com *.facebook.com *.google-analytics.com *.googletagmanager.com;frame-src *.tiktok.com;media-src blob: *.tiktok.com *.tiktokv.com *.tiktokcdn.com *.tiktokcdn-in.com *.akamaized.net *.ibyteimg.com *.ibytedtos.com;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=tiktok_web 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self' *.naukimg.com *.naukrigulf.com; img-src 'self' * data:; default-src 'unsafe-eval' 'unsafe-inline' 'self' *.addthis.com *.addthisedge.com *.akamaihd.net *.angularjs.org *.bing.com *.doubleclick.net *.dropbox.com *.effectivemeasure.net *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.ae *.google.az *.google.ca *.google.co.ao *.google.co.id *.google.co.in *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.th *.google.co.tz *.zdassets.com *.google.co.ug *.google.co.uk *.google.co.us *.google.co.ve *.google.co.za *.google.co.zw *.google.com *.google.com.af *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.co *.google.com.eg *.google.com.gh *.google.com.kw *.google.com.lb *.google.com.my *.google.com.ng *.google.com.np *.google.com.om *.google.com.ph *.google.com.pk *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.vn *.google.de *.google.dz *.google.es *.google.fr *.google.gr *.google.ie *.google.iq *.google.it *.google.jo *.google.lk *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.tn *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.highcharts.com *.inspectlet.com *.jquery.com *.liveperson.net *.naukimg.com *.naukri.com *.naukrigulf.com *.optimonk.com *.scorecardresearch.com *.sizzlejs.com *.slideshare.net *.slidesharecdn.com *.twitter.com *.vizury.com *.youtube-nocookie.com *.youtube.com *.zopim.com *.ampproject.org cdnjs.cloudflare.com  naukrigulf.mox.net.in staticnaukrigulf.mox.net.in *.smartlook.com connect.facebook.net wss://*.inspectlet.com wss://*.zopim.com data:; report-uri https://lg.naukri.com/cspLogger/ 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.init.de *.openstreetmap.org *.twitter.com *.twimg.com *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundesfinanzministerium.de; child-src *.google.com *.gstatic.com *.youtube.com *.init.de *.twitter.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.twitter.com *.twimg.com *.bundesfinanzministerium.de; frame-ancestors 'self'; report-uri /site/servlet/csp-report; 1
frame-src *.trudvsem.ru; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com; font-src 'self' https://uk.tmconst.com; connect-src 'self' https://*.ticketmaster.co.uk https://www.google-analytics.com https://securepubads.g.doubleclick.net https://znewxas0hddovpxpb-ticketmaster.siteintercept.qualtrics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://vc.hotjar.io https://d2v54wjmlooyi.cloudfront.net https://*.evidon.com https://csi.gstatic.com https://venue.tmol.co https://ismds-intl.tmol.io https://mapsapi.tmol.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://uk.tmconst.com https://polyfill.io https://www.googletagmanager.com https://*.evidon.com https://identity.ticketmaster.co.uk https://static.hotjar.com https://se.monetate.net https://www.googletagservices.com https://www.google-analytics.com https://d2v54wjmlooyi.cloudfront.net/ssp/libs/prod/fanbuilder/v2/fanbuilder.js https://cdn.distiltag.com https://1314420.collect.igodigital.com https://widget.ticketmaster.eu https://securepubads.g.doubleclick.net https://script.hotjar.com https://af.monetate.net https://adservice.google.co.uk https://adservice.google.com https://adservice.google.ae https://adservice.google.co.jp https://adservice.google.com.ph https://adservice.google.com.ua https://adservice.google.de https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ie https://adservice.google.it https://adservice.google.nl https://analytics.twitter.com https://c.evidon.com https://connect.facebook.net https://googleads.g.doubleclick.net https://media.ticketmaster.co.uk https://sb.monetate.net https://static.ads-twitter.com https://www.googleadservices.com https://media.ticketmaster.co.uk https://cdn.ampproject.org https://tpc.googlesyndication.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline'; frame-src https://vars.hotjar.com https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com https://sb.monetate.net https://www.google.com/recaptcha/ https://identity.ticketmaster.co.uk/; img-src https://uk.tmconst.com https://cbt-assets.tmconst.com data: 'self' https://www.facebook.com https://*.evidon.com https://nova.collect.igodigital.com https://identity.ticketmaster.co.uk https://identity.ticketmaster.ie https://www.google-analytics.com https://af.monetate.net https://tpc.googlesyndication.com https://securepubads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://prismic-images.tmol.io https://media.ticketmaster.co.uk https://s3.eu-west-2.amazonaws.com/onsale-img/tmimages/TM_GenCatImgs_Generic.jpg https://s3.eu-west-2.amazonaws.com/onsale-img/tmimages/TM_GenCatImgs_Music.jpg https://mapsapi.tmol.co; object-src 'none'; base-uri 'none'; report-uri https://analytics.ticketmaster.co.uk/api/reports 1
worker-src 'none'; report-uri about:blank 1
default-src 'self' 'unsafe-inline' forum.vivaldi.net *.twitter.com *.twimg.com; img-src 'self' https: data:; font-src 'self' data:; frame-src 'self' www.youtube-nocookie.com *.twitter.com; report-uri /wp-content/themes/vivaldicom-theme/lib/handlecsp.php 1
default-src 'self' 'unsafe-inline' graphql.contentful.com web.ccpgamescdn.com https://images.ctfassets.net; base-uri 'self'; object-src 'self' ctfassets.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com hello.myfonts.net graphql.contentful.com consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com www.gstatic.com s.ytimg.com recaptcha.net www.google-analytics.com https://ssl.google-analytics.com speedof.me connect.facebook.net www.youtube.com www.googleadservices.com https://googleads.g.doubleclick.net https://bat.bing.com static.ads-twitter.com mc.yandex.ru ccpcommunity.zendesk.com *.zdassets.com *.twitter.com https://cdn.taboola.com;style-src 'self' 'unsafe-inline' web.ccpgamescdn.com https://tagmanager.google.com hello.myfonts.net fonts.googleapis.com; connect-src 'self' *.eveonline.com signup.ccpeveweb.com www.google.com www.google-analytics.com engine.extccp.com api.ccpgames.com graphql.contentful.com sentry.io stats.g.doubleclick.net j62tyvg8r3.execute-api.eu-west-1.amazonaws.com yo2vtgum73.execute-api.eu-west-1.amazonaws.com api.ccpgames.com www.mocky.io/v2/5e1ed5ca3100003600189501 stats.g.doubleclick.net https://bat.bing.com https://images.ctfassets.net www.endgame42.com speedof.me mc.yandex.ru ccpcommunity.zendesk.com *.zdassets.com wss://widget-mediator.zopim.com https://googleads.g.doubleclick.net; font-src 'self' hello.myfonts.net fonts.gstatic.com fonts.googleapis.com web.ccpgamescdn.com; img-src 'self' https: data: blob: https://images.ctfassets.net https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net; frame-src consentcdn.cookiebot.com speedof.me *.doubleclick.net www.google.com www.youtube.com www.facebook.com www.googletagmanager.com;report-uri https://ccpgames.report-uri.com/r/t/csp/enforce; 1
script-src 'nonce-5gFVWAonXyyl4ww-VX91TQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/www_google; base-uri 'none' 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.chatlio.com https://maxcdn.bootstrapcdn.com https://js.intercomcdn.com data: https://fonts.gstatic.com ; connect-src https://bam.nr-data.net https://fonts.gstatic.com wss://ws.pusherapp.com https://*.chatlio.com wss://*.intercom.io https://*.intercom.io https://*.algolia.com https://insights.algolia.io https://*.algolia.net https://*.algolianet.com https://insights.hotjar.com wss://*.hotjar.com https://*.kissmetrics.com https://vimeo.com https://*.pingdom.net https://api.segment.io https://api.amplitude.com/ https://sentry.io ; report-uri https://algolia.report-uri.io/r/default/csp/reportOnly 1
default-src 'self'; style-src 'unsafe-inline'; script-src 'self' https://*.smallcase.com https://in1.wzrkt.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://cdn4.mxpnl.com https://static.hotjar.com https://d2r1yp2w7bby2u.cloudfront.net http://static.clevertap.com https://app.link https://script.hotjar.com https://static.hotjar.com https://www.youtube.com/iframe_api https://s.ytimg.com https://apis.google.com https://connect.facebook.net https://checkout.razorpay.com/v1/checkout.js 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: https://*.tickertape.in https://*.smallcase.com https://s3.ap-south-1.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://pocket-image-cache.com https://*.ytimg.com https://script.hotjar.com https://premium.thehindubusinessline.com https://thehindubusinessline.com https://thehindu.com https://www.thehindu.com https://www.thehindubusinessline.com https://*.reutersmedia.net https://img.youtube.com https://www.facebook.com; connect-src https://*.tickertape.in wss://*.tickertape.in https://*.smallcase.com https://www.google-analytics.com https://*.branch.io https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://stats.g.doubleclick.net https://graph.facebook.com; frame-src https://connect.smallcase.com https://vars.hotjar.com https://www.googletagmanager.com https://accounts.google.com https://www.youtube.com https://vars.hotjar.com https://api.razorpay.com; font-src 'self' https://script.hotjar.com; object-src 'none' 1
default-src 'self' 'unsafe-inline' https: ; img-src 'self' 'unsafe-inline' data: https: ; font-src 'self' data: https: ; connect-src 'self' *.usni.org *.google.com *.gstatic.com *.google-analytics.com *.disqus.com *.authorize.net *.facebook.com sentry.utdev.com ; media-src https: ; object-src 'self' ; child-src 'self' *.usni.org *.googlesyndication.com *.google.com disqus.com *.disqus.com *.googletagmanager.com *.addtoany.com *.scribd.com *.facebook.com *.g.doubleclick.net ; form-action 'self' *.usni.org *.facebook.com *.salesforce.com; upgrade-insecure-requests; 1
block-all-mixed-content;default-src 'self';img-src 'self' https://images.opencollective.com data: t.paypal.com opencollective.com opencollective-production.s3.us-west-1.amazonaws.com opencollective-production.s3-us-west-1.amazonaws.com;worker-src 'self' blob:;style-src 'self' 'unsafe-inline';connect-src 'self' https://api.opencollective.com https://invoices.opencollective.com wtfismyip.com *.paypal.com *.paypalobjects.com sentry.io *.sentry.io;script-src 'self' 'unsafe-inline' maps.googleapis.com js.stripe.com *.paypal.com *.paypalobjects.com;frame-src www.youtube.com opencollective.com js.stripe.com *.paypal.com *.openstreetmap.org;object-src opencollective.com 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self'   https://csi.gstatic.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://capture.trackjs.com https://www.google.com https://*.hotjar.com:* wss://*.hotjar.com https://bam.nr-data.net 'report-sample'; font-src 'self' https://inassets1-internationsgmbh.netdna-ssl.com/ https://fonts.gstatic.com https://static.hotjar.com 'report-sample'; frame-src https: appsflyerevent: fbrpc: 'report-sample'; img-src https: blob: data:; manifest-src 'self' 'report-sample'; media-src 'none'; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.googletagservices.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com 'report-sample'; style-src 'unsafe-inline' https://inassets1-internationsgmbh.netdna-ssl.com/  https://fonts.googleapis.com https://www.gstatic.com https://eu.gcsip.nl 'report-sample'; report-uri https://internations.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' https:;font-src https: data:;img-src https: data:;media-src blob: https:;object-src 'none';script-src 'strict-dynamic' 'unsafe-inline' https: 'nonce-txYeq2DTYWXAzC0dau3Qqg' 'report-sample';style-src https: 'unsafe-inline';report-uri https://www.youtubekids.com/csp_204?t=strict-csp 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://teacup.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=ln_shp 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://footwearnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.search.ch/api/mixedcontent.json 1
default-src * data: blob: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: blob: https: 'unsafe-inline' 'unsafe-eval' *.eurostar.com scripts.eurostar.tech analytics.twitter.com bat.bing.com beacon.krxd.net cdn.kommunicate.io cdn.applozic.com cdn.krxd.net connect.facebook.net consumer.krxd.net eus.cdn-v3.conductrics.com googleads.g.doubleclick.net polyfill.io rules.quantcount.com s.yimg.com sc-static.net secure.quantserve.com sp.analytics.yahoo.com static.ads-twitter.com tag.yieldoptimizer.com tags.tiqcdn.com visitor-service-eu-west-1.tealiumiq.com w.usabilla.com widget.kommunicate.io www.google-analytics.com www.googletagmanager.com pagead2.googlesyndication.com www.googletagservices.com ad.doubleclick.net www.paypal.com www.googleadservices.com maps.googleapis.com apply.workable.com snap.licdn.com; connect-src 'self' https: *.eurostar.com bat.bing.com collect-eu-west-1.tealiumiq.com c.contentsquare.net www.google-analytics.com cdn.kommunicate.io api.kommunicate.io chat.kommunicate.io www.paypal.com googleads4.g.doubleclick.net api.rollbar.com www.facebook.com r.contentsquare.net bots.applozic.com stats.g.doubleclick.net wss://socket5.applozic.com wss://socket.applozic.com:80 adservice.google.com pagead2.googlesyndication.com jslog.krxd.net t.co beacon.krxd.net www.bing.com pubads.g.doubleclick.net; report-uri https://endpoint1.collection.eu.sumologic.com/receiver/v1/http/ZaVnC4dhaV2FbC9Ij83SGE3iTXUOUwHd6irC7dEd3crCFxWV0sz34YKvdRhl7b2Pwk5pss2m6jkp8P_KsP_DDMThVLr-k4csrE-WmpY1fji3919gGLcEhQ== 1
default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; media-src https: blob:; object-src https: blob:; report-uri https://csp-report.magicseaweed.com/api/csp-report/ 1
default-src 'none' ;script-src 'unsafe-eval' 'unsafe-inline' *.starbucks.co.jp *.google.com *.google-analytics.com www.googleadservices.com/pagead/ *.googletagmanager.com *.g.doubleclick.net cdn.optimizely.com/js/ *.facebook.net b92.yahoo.co.jp *.twitter.com d.adlpo.com *.treasuredata.com hm.mieru-ca.com d2fzkgg97cd93o.cloudfront.net platform.sumally.com p.jwpcdn.com jwpsrv.com apis.google.com starbucks-faq.pbcv.sitesearch.jp starbucks-faq.sitesearch.jp rum.optimizely.com s.yimg.jp b97.yahoo.co.jp ci-mpsnare.iovation.com dqpw8dh9f7d3f.cloudfront.net d3vgbguy0yofad.cloudfront.net ajax.googleapis.com auth1.freespot.com collect.ptengine.jp d-cache.microad.jp js.ptengine.jp js.fout.jp cdnjs.cloudflare.com in.treasuredata.com ssl.p.jwpcdn.com ;style-src 'unsafe-inline' *.starbucks.co.jp fonts.googleapis.com starbucks-faq.pbcv.sitesearch.jp starbucks-faq.sitesearch.jp ;img-src data: *.starbucks.co.jp *.google.com *.google.co.jp *.google-analytics.com www.googleadservices.com/pagead/ *.googletagmanager.com *.g.doubleclick.net *.twitter.com d2fzkgg97cd93o.cloudfront.net sumally.com jwpltx.com b97.yahoo.co.jp dqpw8dh9f7d3f.cloudfront.net d3vgbguy0yofad.cloudfront.net collect.ptengine.jp d-track.send.microad.jp target.fout.jp huaban.com map.chizumaru.com s3-ap-northeast-1.amazonaws.com www.google.co.id www.google.co.kr www.google.com.hk www.google.com.sg www.google.com.tw www.google.de www.gstatic.com ;font-src *.starbucks.co.jp fonts.gstatic.com ;media-src d2fzkgg97cd93o.cloudfront.net ;object-src *.starbucks.co.jp ;frame-src *.google.com *.g.doubleclick.net *.facebook.com *.twitter.com sumally.com www.youtube.com js.fout.jp dsp.fout.jp ;connect-src *.starbucks.co.jp *.g.doubleclick.net dwjw4x8nnai5d.cloudfront.net rum.optimizely.com uc.gre d11abxzrrvbz6o.cloudfront.net track.uc.cn ws://ntjp.mieru-ca.com ;report-uri https://sbjcsp2.report-uri.com/r/d/csp/reportOnly; 1
connect-src 'self' *.crazyegg.com *.demdex.net *.doubleclick.net *.forter.com *.tt.omtrdc.net about adservice.google.com api.bazaarvoice.com api.surveymonkey.net apps.bazaarvoice.com az.nmgplatform.com b.px-cdn.net bam.nr-data.net bat.bing.com bs.perimeterx.net cdn0.forter.com cdncache-a.akamaihd.net collector-pxff0j69t5.perimeterx.net collector-pxff0j69t5.px-cdn.net collector-pxff0j69t5.px-cloud.net collector-pxff0j69t5.pxchk.net ct.pinterest.com d2o5idwacg3gyw.cloudfront.net data demo.convergepay.com dpm.demdex.net ec.walkme.com freakarcade.com googleads4.g.doubleclick.net https://dpm.demdex.net https://fiendgamers.com https://gjtrack.ucweb.com https://nf44a9pati.execute-api.us-west-2.amazonaws.com https://totalwine.tt.omtrdc.net https://www.totalwine.com in.visitors.live in.visitors.live integration.richrelevance.com ipapi.co log.pinterest.com luxins.net md1-proxy01-auth:4433 network-stg.bazaarvoice.com network.bazaarvoice.com notify.bluecoat.com pagead2.googlesyndication.com public-auth-dot-lucky-orange.appspot-preview.com pubsub.googleapis.com recs.richrelevance.com rh-stg.nexus.bazaarvoice.com rh.nexus.bazaarvoice.com s.yimg.com savingsslider-a.akamaihd.net settings.luckyorange.net siteintercept.qualtrics.com smetrics.totalwine.com stg.api.bazaarvoice.com subwayblaze.com totalwine.tt.omtrdc.net translate.googleapis.com trc-events.taboola.com trc.taboola.com uc.gre us-central1-adaptive-growth.cloudfunctions.net vimeo.com wss://cdn0.forter.com wss://in.visitors.live wss://visitors.live www.bing.com www.facebook.com www.google-analytics.com www.totalwine.com; report-uri https://csp.px-cloud.net/report?report=1&id=6bcf836c10d3f130a3210027ae9ab04c&app_id=PXFF0j69T5 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=businessinsider.com.pl::RING_WEBSITES_2_0_27 1
default-src 'self' about: https://cdn.wealthfront.com https://d1rthi4uscpmfy.cloudfront.net; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://*.doubleclick.net; frame-src 'self' https://www.google.com/recaptcha/ https://www.prod-cde.net https://player.vimeo.com https://www.youtube.com https://*.doubleclick.net; img-src https: data:; object-src 'none'; script-src 'strict-dynamic' https://d1rthi4uscpmfy.cloudfront.net 'unsafe-inline' 'nonce-YUtso8jlfUdt1vbE4duoUQ=='; style-src 'unsafe-inline' https://d1rthi4uscpmfy.cloudfront.net; worker-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; report-uri /csp-report; block-all-mixed-content 1
report-uri https://www.yelp.com/csp_report_only?id=5b742837e777cad3&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1600998104; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.de ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.de *.spreadshirt.de ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.de ; font-src 'self' https: data: *.spreadshirt.de ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.de ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.de ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'none'; base-uri 'none' ; frame-src 'self' *.unidays.world *.facebook.com *.twitter.com *.doubleclick.net *.youtube.com *.google.com *.snapchat.com; connect-src 'self' *.myunidays.com *.myunidays.com *.adzerk.net https://api.segment.io https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com ; font-src 'self' data: https: ; img-src 'self' data: https: ; media-src 'self' *.unidays.world ; script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'nonce-BiJmyuSQq0KOQGPZTM+sRg==' 'sha256-gIxZRG34zb9BxCelpfjO2m5zg0+3Wtfeh1Gcj64tDug=' 'sha256-swnYD2S3+mg5eUG+ZrxxAe2x8z+BPFsrZJ1loRNz+Nc=' 'sha256-N9ztf1wx+YHmIwKzGt/sA+NS8eQxN8/5QtVkkYWuyNM=' 'sha256-DQwqYB8/sqCTVOZWfXmwexUV+wjyosAzcAcRY2fdDiU=' 'sha256-uaOgH6Wg5HZzOcOMUDlpqDrYOeBghbzAxWmuIk5CesQ=' 'sha256-lyPHSxhaxIuXvp8FW5yRTCVq84er7SLsAfqD1Ulja+k=' 'sha256-Yek3x1sNVptZdhdj459GB+kmHz5zawez+PELr0sdWGA=' ; style-src 'self' 'unsafe-inline' https: ; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nr-data.net *.paypalobjects.com *.analytics-egain.com *.trustpilot.com *.newrelic.com *.kk-resources.com *.redditstatic.com *.chainreactioncycles.com *.google.com *.criteo.net *.melissadata.net *.mention-me.com *.bazaarvoice.com www.zenaps.com *.scene7.com the.sciencebehindecommerce.com *.adyen.com seal.digicert.com vars.hotjar.com *.hotjar.com *.criteo.com lantern.roeyecdn.com *.cloudfront.net *.bing.com tracker.marinsm.com *.facebook.net *.trustarc.com *.google-analytics.com www.googletagmanager.com *.scene7.com www.dwin1.com www.googleoptimize.com data:; style-src * 'unsafe-inline'; default-src *.melissadata.net *.sciencebehindecommerce.com *.truste.com *.chainreactioncycles.com *.facebook.com *.hotjar.com *.hotjar.io *.gstatic.com *.bing.com *.googleapis.com *.trustarc.com *.google-analytics.com *.cloudfront.net *.googleoptimize.com; img-src * data:; object-src 'none'; connect-src * ; frame-src * data:; script-src-elem 'unsafe-inline' *.chainreactioncycles.com *.digicert.com *.criteo.com *.google.com *.kk-resources.com www.redditstatic.com analytics.analytics-egain.com js-agent.newrelic.com widget.trustpilot.com bam.nr-data.net www.paypalobjects.com www.googleoptimize.com lantern.roeyecdn.com www.googleadservices.com media.chainreactioncycles.com tracker.marinsm.com *.adyen.com sslwidget.criteo.com *.bazaarvoice.com *.hotjar.com *.googletagmanager.com bat.bing.com www.zenaps.com *.cloudfront.net static.criteo.net *.google-analytics.com www.dwin1.com *.mention-me.com *.facebook.net *.trustarc.com the.sciencebehindecommerce.com *.scene7.com mpsnare.iesnare.com seal.digicert.com9 data:; style-src-elem * 'unsafe-inline'; font-src * data: ; media-src * data:; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-uri /csp-report.jsp; 1
default-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com; media-src *; img-src * data:; style-src 'self' fonts.googleapis.com 'unsafe-inline'; script-src 'self' google-analytics.com googletagmanager.com 'unsafe-inline'; frame-ancestors 'self' *.alarm.com; frame-src 'self' *.alarm.com youtube.com academy-alarm.com; report-uri https://alarm.com/api/csp/report; report-to https://alarm.com/api/csp/report; 1
base-uri 'none'; default-src 'none'; script-src 'nonce-2wHWJWcOGHz8nGNU7uzoVw==' 'unsafe-inline' 'wasm-eval' 'self' https://ajax.aspnetcdn.com https://*.office365.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://shell.cdn.office.net https://shellppe.cdn.office.net  report-sample; style-src 'unsafe-inline' 'self' https://shell.cdn.office.net https://shellppe.cdn.office.net  report-sample; font-src 'self' data: https://*.akamaihd.net https://static2.sharepointonline.com; img-src 'self' blob: data: https://*.officeppe.com https://*.office.com https://*.msedge.net https://*.office365.com https://outlook.live.com https://*.microsoft.com https://*.vo.msecnd.net https://*.teams.microsoft.com https://*.officeapp.live.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://outlook.office365.com https://shell.cdn.office.net https://shellppe.cdn.office.net; connect-src 'self' blob: https://graph.microsoft.com wss://whiteboard.microsoft.com/sync https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com https://*.office.com https://*.officeppe.com https://*.msedge.net https://outlook.office365.com https://outlook.live.com https://config.edge.skype.net https://config.edge.skype.com https://browser.pipe.aria.microsoft.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://shell.cdn.office.net https://shellppe.cdn.office.net; frame-src 'self' https://login.windows.net/ https://*.officeppe.com https://*.office.com https://*.spoppe.com https://microsoft.sharepoint-df.com https://microsoft.sharepoint.com https://www.yammer.com; frame-ancestors 'self' https://teams.microsoft.com; form-action 'none'; upgrade-insecure-requests; report-uri /cspreport 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www0mansion0review0jp.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; connect-src 'self' https://*.paytm.com https://*.paytmmall.com https://paytm.com https://paytmmall.com https://www.facebook.com https://www.google-analytics.com; font-src 'self' data: https://*.paytm.com https://media.flixcar.com https://media.flixfacts.com; form-action https://securegw.paytm.in https://www.facebook.com; frame-src 'self' https://*.paytm.com https://bid.g.doubleclick.net https://dis.as.criteo.com https://gum.criteo.com https://media.flixcar.com https://www.facebook.com; img-src 'self' data: https://*.paytm.com https://*.paytm.in https://googleads.g.doubleclick.net https://*.mapmyindia.com https://media.flixcar.com https://media.flixfacts.com https://paytmofferlive.wpengine.com https://rt.flix360.com https://s3-ap-southeast-1.amazonaws.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.google.com.sg; script-src 'unsafe-eval' 'unsafe-inline' https://*.mapmyindia.com https://*.paytm.com https://storage.googleapis.com https://connect.facebook.net https://d25w45cltkdr4r.cloudfront.net https://googleads.g.doubleclick.net https://media.flixcar.com https://media.flixfacts.com https://sslwidget.criteo.com https://static.criteo.net https://t.flix360.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'unsafe-inline' https://*.paytm.com https://*.mapmyindia.com https://media.flixcar.com https://media.flixfacts.com; worker-src 'self'; report-uri https://paytm.report-uri.com/r/t/csp/reportOnly; 1
base-uri 'none'; default-src 'none'; script-src 'nonce-9qhvGiujhgVW5m+IP8CEXA==' 'unsafe-inline' 'wasm-eval' 'self' https://ajax.aspnetcdn.com https://*.office365.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://shell.cdn.office.net https://shellppe.cdn.office.net  report-sample; style-src 'unsafe-inline' 'self' https://shell.cdn.office.net https://shellppe.cdn.office.net  report-sample; font-src 'self' data: https://*.akamaihd.net https://static2.sharepointonline.com; img-src 'self' blob: data: https://*.officeppe.com https://*.office.com https://*.msedge.net https://*.office365.com https://outlook.live.com https://*.microsoft.com https://*.vo.msecnd.net https://*.teams.microsoft.com https://*.officeapp.live.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://outlook.office365.com https://shell.cdn.office.net https://shellppe.cdn.office.net; connect-src 'self' blob: https://graph.microsoft.com wss://whiteboard.microsoft.com/sync https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com https://*.office.com https://*.officeppe.com https://*.msedge.net https://outlook.office365.com https://outlook.live.com https://config.edge.skype.net https://config.edge.skype.com https://browser.pipe.aria.microsoft.com https://shellprod.msocdn.com https://shellppe.msocdn.com https://shell.cdn.office.net https://shellppe.cdn.office.net; frame-src 'self' https://login.windows.net/ https://*.officeppe.com https://*.office.com https://*.spoppe.com https://microsoft.sharepoint-df.com https://microsoft.sharepoint.com https://www.yammer.com; frame-ancestors 'self' https://teams.microsoft.com; form-action 'none'; upgrade-insecure-requests; report-uri /cspreport 1
script-src 'nonce-XTdtEiMmezPJ9YE_NTPP7w' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-9c66cfa15064a9a69ebd0b6f85673b90' 'sha384-7uqQfGVKWAthYOKjE4CToVZDjNGO+rxLDL5sFo1HUI3u+vwLmAinEM0/LcURoj1h' 'sha256-spTpc4lvj4dOkKjrGokIrHkJgNA0xMS98Pw9N7ir9oI=' 'sha384-4FS9nLDjKOPIgz/SgGvZV4C8RHHRyRP1Fb6ZW/XH/o8PFaviPmgzLc6kOS2GQ87x' 'sha384-3vojR0D/VZNPM9rutbkAQlVZeDVrc50TkyBVfVpqoZzVQpWA65x5mQXOij0vt2Cu' 'sha384-VI5+XuguQ/l3kUhh4knz7Hxptx47wpQbVRDnp8v7Vvuhzwn1PEYb/uvtH6KLxv6d' 'report-sample'; object-src 'none'; base-uri 'self'; connect-src https://doordash.com https://analytics.google.com https://api.amplitude.com https://ct.pinterest.com https://p.tvpixel.com https://api.segment.io https://bat.bing.com https://www.facebook.com https://sentry.io https://bam.nr-data.net https://page-service-qa.doordash.com https://page-service.doordash.com https://cdn.doordash.com https://tn.alphonso.tv https://s3-design-language-system.cdn4dd.com https://logx.optimizely.com https://*.optimizely.com https://www.google-analytics.com https://www.doordash.com https://stats.g.doubleclick.net https://www.google-analytics.com https://order.online https://*.order.online https://preview.trycaviar.com https://staging.trycaviar.com https://qa.trycaviar.com/ https://www.trycaviar.com https://trycaviar.com https://www.google.com https://client-analytics.braintreegateway.com https://api.braintreegateway.com https://payments.braintree-api.com https://wwww.google.ca https://wwww.google.com.au https://api.doordash.com https://api-consumer-client.doordash.com https://www.paypal.com; frame-ancestors 'self'; report-uri https://sentry.io/api/5175049/security/?sentry_key=c269bf7b8bc44929b43bbb29e11cece5&sentry_environment=prod; worker-src 'none' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://dev-ssl.loseit.com/_ops/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri *.roche.com *.roche.net *.gene.com; plugin-types application/pdf; referrer origin-when-cross-origin; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1
object-src 'none'; base-uri 'none'; script-src 'nonce-Hx+s2h/v7D8qFooeKqSE9Q==' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' 'self' http: https:; worker-src 'self'; report-uri https://csp.withgoogle.com/csp/appsheet/2; 1
img-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' data: https://gravatar.com https://1.gravatar.com https://2.gravatar.com https://secure.gravatar.com https://p.typekit.net https://ping.typekit.net https://www.google-analytics.com; default-src 'none'; script-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' 'unsafe-inline' https://js-agent.newrelic.com https://www.google-analytics.com https://use.typekit.net https://bam.nr-data.net https://downloads.mailchimp.com https://s3.amazonaws.com/downloads.mailchimp.com *.list-manage.com; form-action 'self' https://okfn.us9.list-manage.com; font-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' data: https://use.typekit.net https://themes.googleusercontent.com; style-src https://d22739b8qd5enr.cloudfront.net https://a.okfn.org 'self' 'unsafe-inline' https://use.typekit.net; report-uri https://report-uri.io/report/3b3ae25e9e4ccf5f28ea8bef8e70fc63/reportOnly 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.net ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.net *.spreadshirt.net ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.net ; font-src 'self' https: data: *.spreadshirt.net ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.net ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.net ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' data: *.cloudflare.com *.google.com *.google.de *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.brightcove.net *.hotjar.com *.youtube.com *.doubleclick.net t.co *.twitter.com *.licdn.com *.ads-twitter.com *.adsymptotic.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.facebook.net *.pardot.com *.xrite.com *.xritephoto.com *.fonts.net *.bootstrapcdn.com *.linkedin.com *.akamaized.net *.akamaihd.net; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.boltdns.net *.zencdn.net *.cloudflare.com *.google.com *.google.de *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.brightcove.net *.hotjar.com *.youtube.com *.doubleclick.net t.co *.twitter.com *.licdn.com *.ads-twitter.com *.adsymptotic.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.facebook.net *.pardot.com *.xrite.com *.xritephoto.com *.fonts.net *.bootstrapcdn.com *.linkedin.com *.akamaized.net *.akamaihd.net; object-src *; style-src 'self' data: 'unsafe-inline' *.sharethis.com *.cloudflare.com *.google.com *.google.de *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.brightcove.net *.hotjar.com *.youtube.com *.doubleclick.net t.co *.twitter.com *.licdn.com *.ads-twitter.com *.adsymptotic.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.facebook.net *.pardot.com *.xrite.com *.xritephoto.com *.fonts.net *.bootstrapcdn.com *.linkedin.com *.akamaized.net *.akamaihd.net; img-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.boltdns.net *.cloudflare.com *.google.com *.google.de *.sharethis.com *.scorecardresearch.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.brightcove.net metrics.brightcove.com *.hotjar.com *.youtube.com *.doubleclick.net t.co *.twitter.com *.licdn.com *.ads-twitter.com *.adsymptotic.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.facebook.net *.pardot.com *.xrite.com *.xritephoto.com *.fonts.net *.bootstrapcdn.com *.linkedin.com *.akamaized.net *.akamaihd.net; media-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.google.com *.google.de *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.brightcove.net *.hotjar.com *.youtube.com *.doubleclick.net t.co *.twitter.com *.licdn.com *.ads-twitter.com *.adsymptotic.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.facebook.net *.pardot.com *.xrite.com *.xritephoto.com *.fonts.net *.bootstrapcdn.com *.linkedin.com *.akamaized.net *.akamaihd.net; frame-src *; font-src  'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.cloudflare.com *.google.com *.google.de *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.brightcove.net *.hotjar.com *.youtube.com *.doubleclick.net t.co *.twitter.com *.licdn.com *.ads-twitter.com *.adsymptotic.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.facebook.net *.pardot.com *.xrite.com *.xritephoto.com *.fonts.net *.bootstrapcdn.com *.linkedin.com *.akamaized.net *.akamaihd.net; connect-src *; child-src * blob: ; report-uri https://xriteprod.report-uri.com/r/d/csp/reportOnly 1
script-src 'nonce-YXNGC1-CgUdlIVH6WtCgNg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
script-src 'sha256-8uyWTbBTEY18w9rh/pIkqjaEt//p74FmLmiDxPavxnY=' 'nonce-yVhWGQ/Yk3ft93AZVuy6Gw==' 'self' 'unsafe-inline' https://note.com https://d291vdycu0ht11.cloudfront.net https://d2l930y2yx77uc.cloudfront.net https://polyfill.io https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com/firebasejs https://*.facebook.net https://platform.twitter.com https://*.twimg.com https://cdn.iframe.ly https://cdn.embedly.com https://*.tiktok.com https://*.tiktokcdn.com https://*.ibytedtos.com https://speakerdeck.com https://*.mul-pay.jp; object-src 'none'; base-uri 'self' 1
policy 1
default-src https: 'unsafe-inline' 'unsafe-eval' wss://jobsv3.wort.lu/api/v1/sites/pt/latina/playlistUpdates; img-src https: data: blob:; media-src https: blob:; font-src https: data:; report-uri https://www.wort.lu/report 1
default-src 'none';upgrade-insecure-requests;style-src https: 'unsafe-inline';font-src https: data:;img-src https: data:;connect-src 'self' https://browser.pipe.aria.microsoft.com https://web.vortex.data.microsoft.com;frame-src https://login.windows-ppe.net https://login.live.com https://login.live-int.com;worker-src 'self' blob:;child-src 'self' blob:;report-uri /api/csp-report?page=Unauth&reportOnly=True;script-src 'nonce-KUru/cFrpg+k2qUY+0p0sg==' 'unsafe-inline' 'unsafe-eval' https: 'strict-dynamic'; 1
default-src https: 'self'; base-uri 'self'; child-src 'self' cdn.nakedapartments.com *.twitter.com *.facebook.com www.youtube.com player.vimeo.com *.google.com tpc.googlesyndication.com; connect-src 'self' wss: www.google-analytics.com www.google.com securepubads.g.doubleclick.net cdn.nakedapartments.com bam.nr-data.net; font-src 'self' data: fonts.gstatic.com cdn.nakedapartments.com; form-action 'self' github.com; frame-ancestors 'none'; img-src 'self' 'unsafe-inline' data: cdn.nakedapartments.com react.nakedapartments.com *.streeteasy.com *.yelpcdn.com *.ggpht.com cbks0.googleapis.com 1520522.r.msn.com 1520522.r.bat.bing.com www.facebook.com www.google-analytics.com web.facebook.com www.appelsiini.net www.googleadservices.com tpc.googlesyndication.com stats.g.doubleclick.net googleads.g.doubleclick.net s3.amazonaws.com csi.gstatic.com pagead2.googlesyndication.com ssl.google-analytics.com maps.googleapis.com maps.gstatic.com *.google.com *.realtymx.com; object-src 'self'; plugin-types application/x-shockwave-flash; script-src 'unsafe-inline' 'self' 'unsafe-eval' cdn.nakedapartments.com react.nakedapartments.com platform.twitter.com *.google.com ssl.google-analytics.com flex.msn.com js.pusher.com stats.pusher.com maps.googleapis.com pagead2.googlesyndication.com s3.amazonaws.com www.googletagmanager.com connect.facebook.net www.google-analytics.com www.googletagservices.com www.googleadservices.com securepubads.g.doubleclick.net bam.nr-data.net; style-src 'self' 'unsafe-inline' cdn.nakedapartments.com *.google.com *.googleapis.com; report-uri https://1627f29bce741ebdc46108ecd8ebba3c.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com login.raiffeisen.ch googleads.g.doubleclick.net www.googleadservices.com microsites.raiffeisen.ch ; style-src 'self' 'unsafe-inline' fonts.googleapis.com microsites.raiffeisen.ch ; img-src 'self' data: statistics.raiffeisen.ch dmp.adform.net maps.googleapis.com maps.gstatic.com csi.gstatic.com khms0.googleapis.com khms1.googleapis.com dpm.demdex.net raiffeisen.demdex.net export.highcharts.com www.facebook.com media10.simplex.tv www.google.com www.google.ch googleads.g.doubleclick.net ; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' api.raiffeisen.ch statistics.raiffeisen.ch dpm.demdex.net login.raiffeisen.ch raiffeisen.tt.omtrdc.net export.highcharts.com boerse.raiffeisen.ch microsites.raiffeisen.ch ; media-src 'self' ruz.ch www.ruz.ch media10.simplex.tv ; frame-src media10.simplex.tv ; block-all-mixed-content ; report-uri https://api.rreports.ch/svreport/v1/api/wwwrch/csp ; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; report-uri https://cspreport.report-uri.io/r/default/csp/reportOnly 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net 'unsafe-inline'; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com; frame-src https://www.youtube.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d2lchq0n03yu65.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=137-0363243-3509819:rid=F67EE6C92A1742BD888D:sn=www.newworld.com 1
script-src 'self' https://cloud.typography.com/7315076/7256812/css/fonts.css; object-src 'none'; report-uri /report-csp-violation 1
default-src 'unsafe-inline' 'unsafe-eval'; script-src-elem https://www.boards.ie https://*.www.boards.test https://www.googletagmanager.com https://www.googletagservices.com https://www.google-analytics.com https://*.google.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://pool.journalmedia.ie https://*.skimresources.com https://*.google.ie  https://*.googleapis.com https://b-static.net https://static.boards.ie https://*.static.boards.test https://version.vbulletin.com 'unsafe-inline'; style-src-elem 'unsafe-inline' https://www.boards.ie https://*.www.boards.test https://b-static.net https://static.boards.ie https://*.static.boards.test; img-src http://* https://*; frame-src https://*.boards.ie https://*.boards.test https://pool.journalmedia.ie https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com ; connect-src https://*.boards.ie https://*.boards.test https://*.skimresources.com https://www.google-analytics.com https://*.doubleclick.net https://api.skimlinks.mgr.consensu.org https://*.googlesyndication.com; frame-ancestors 'self' https://*.boards.ie https://*.boards.test ; 1
frame-ancestors 'self' http://dev.lovdata.intern:* http://xdur:8080 1
default-src 'self'; object-src 'self'; media-src 'self' blob: https://*.akamaihd.net ; connect-src 'self'  https://hella.containers.piwik.pro  https://hella.piwikpro.com  https://hella.piwik.pro  https://*.video-cdn.net  https://licensing.bitmovin.com   https://*.akamaihd.net ; font-src 'self' data:  https://*.video-cdn.net  https://fonts.gstatic.com ; frame-src 'self'  https://*.video-cdn.net   http://irpages2.equitystory.com  https://charts3.equitystory.com  https://irpages2.equitystory.com   https://www.edge-cdn.net   https://hella.containers.piwik.pro  https://hella.piwikpro.com  https://hella.piwik.pro     ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://uu.createsend.com https://js.createsend1.com   https://*.video-cdn.net/v2/embed.js   https://hella.piwik.pro  https://hella.containers.piwik.pro https://hella.piwikpro.com  https://www.google.com  https://www.googleadservices.com  https://googleads.g.doubleclick.net https://www.google-analytics.com  https://www.googletagmanager.com https://ajax.googleapis.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com ; style-src 'self' 'unsafe-inline'  https://translate.googleapis.com https://translate.googleapis.com  https://translate.google.com ;  img-src data: 'self'  https://*.video-cdn.net   https://hella.containers.piwik.pro  https://hella.piwik.pro  https://hella.piwikpro.com   https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.g.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw      https://www.google.com  https://www.googleadservices.com  https://googleads.g.doubleclick.net https://www.google-analytics.com  https://www.googletagmanager.com https://ajax.googleapis.com https://translate.google.com https://translate.googleapis.com https://www.gstatic.com ;  worker-src: 'self' blob: ; report-uri https://hella.report-uri.com/r/d/csp/reportOnly 1
default-src *.switch.ch; style-src 'unsafe-inline' *.switch.ch; script-src 'unsafe-inline' *.switch.ch; img-src data: *.switch.ch; object-src 'none'; form-action 'self'; frame-ancestors *.switch.ch; report-uri https://www.switch.ch/csp-report/report.php 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' blob:; script-src 'self' 'unsafe-eval' tags.tiqcdn.com tags.tiqcdn.cn secure.insightexpressai.com browser-update.org js-agent.newrelic.com https://bam.nr-data.net bam.nr-data.net api.swiftype.com platform.twitter.com www.dsply.com gateway.answerscloud.com s.cr-nielsen.com dpm.demdex.net qualcomm.sc.omtrdc.net cdn.tagmanager.cn stats.ipinyou.com *.baidu.com players.brightcove.net *.akamaihd.net *.qualcomm.cn *.foresee.com gateway.answerscloud.com apikeys.civiccomputing.com ajax.googleapis.com blob:; object-src t.hypers.com.cn; style-src 'self' 'unsafe-inline' gateway.answerscloud.com; img-src 'self' data: aa.qualcomm.cn www.qualcomm.com https://www.qualcomm.com pt-corpmktg.qualcomm.com qualcomm.sc.omtrdc.net sb.scorecardresearch.com metrics.brightcove.com *.nr-data.net analytics.twitter.com t.co controller.4seeresults.com events.foreseeresults.com www.dsply.com *.baidu.com ds-aksb-a.akamaihd.net gateway.answerscloud.com apikeys.civiccomputing.com; media-src 'self' blob: https: secure.brightcove.com; frame-src 'self' www.youtube.com gateway.answerscloud.com t.hypers.com.cn s.cr-nielsen.com boscdn.bpc.baidu.com; font-src 'self' data: https: vjs.zencdn.net; connect-src 'self' *.nr-data.net https://edge.api.brightcove.com https://edge-elb.api.brightcove.com http://c.brightcove.com device.4seeresults.com; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self';connect-src 'self' https://www.google-analytics.com https://vc.hotjar.io https://*.hotjar.com:* wss://*.hotjar.com https://app.chatplus.jp https://ekr.zdassets.com wss://*.zopim.com;font-src 'self' data: https://v2.zopim.com https://appimg.chatplus.jp https://fonts.gstatic.com https://static.hotjar.com https://cdnjs.cloudflare.com;frame-src 'self' https://app.chatplus.jp https://optimize.google.com https://vars.hotjar.com https://appimg.chatplus.jp https://platform.twitter.com https://widget.as.criteo.com;img-src 'self' data: https://seal.alphassl.com https://v2.zopim.com https://app.chatplus.jp https://appimg.chatplus.jp https://image.chatplus.jp https://t.co https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://optimize.google.com https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google.co.jp https://cache.img.gmo.jp https://insights.hotjar.com https://static.hotjar.com https://px.a8.net https://*.yahoo.co.jp https://s.yimg.jp https://pepabo.com https://lolipop.jp https://*.heteml.jp https://goope.jp;manifest-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://seal.alphassl.com https://v2.zopim.com https://app.chatplus.jp https://appimg.chatplus.jp https://polyfill.io https://static.criteo.net https://sslwidget.criteo.com https://analytics.twitter.com https://ads-twitter.com https://platform.twitter.com https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://optimize.google.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cache.img.gmo.jp https://p01.mul-pay.jp https://pt01.mul-pay.jp https://static.hotjar.com https://script.hotjar.com https://statics.a8.net https://*.yahoo.co.jp https://s.yimg.jp https://s.yjtag.jp https://connect.facebook.net https://static.zdassets.com https://cdnjs.cloudflare.com https://pepabo.com https://*.heteml.jp;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://seal.alphassl.com https://v2.zopim.com https://app.chatplus.jp https://appimg.chatplus.jp https://polyfill.io https://static.criteo.net https://sslwidget.criteo.com https://analytics.twitter.com https://ads-twitter.com https://platform.twitter.com https://static.ads-twitter.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://optimize.google.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cache.img.gmo.jp https://p01.mul-pay.jp https://pt01.mul-pay.jp https://static.hotjar.com https://script.hotjar.com https://statics.a8.net https://*.yahoo.co.jp https://s.yimg.jp https://s.yjtag.jp https://connect.facebook.net https://static.zdassets.com https://cdnjs.cloudflare.com https://pepabo.com https://*.heteml.jp;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.chatplus.jp https://appimg.chatplus.jp https://tagmanager.google.com https://optimize.google.com https://cache.img.gmo.jp https://cdnjs.cloudflare.com https://pepabo.com;media-src 'self' https://appimg.chatplus.jp;report-uri https://muumuu-domain.com/csp/report; 1
default-src 'self' *.newpaltz.edu; style-src 'self' 'unsafe-inline' *.newpaltz.edu maxcdn.bootstrapcdn.com www.google.com cdnjs.cloudflare.com cdn.jsdelivr.net platform.twitter.com *.twimg.com fonts.googleapis.com static-cdn.e2ma.net necolas.github.io *.technolutions.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newpaltz.edu code.jquery.com *.google-analytics.com ajax.googleapis.com www.google.com cse.google.com static.tagboard.com tagboard.com cdnjs.cloudflare.com www.wufoo.com wufoo.com api.wunderground.com platform.instagram.com connect.facebook.net platform.twitter.com cdn.syndication.twimg.com oss.maxcdn.com *.youvisit.com signup.e2ma.net embedr.flickr.com widgets.flickr.com embed.idonate.com maxcdn.bootstrapcdn.com secure.wufoo.com embed.acuityscheduling.com player.vimeo.com *.unibuddy.co assets.calendly.com *.technolutions.net emma-content-aggregates-prd.s3.amazonaws.com www.recaptcha.net www.gstatic.com dk98ddgl0znzm.cloudfront.net; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com; frame-src *.newpaltz.edu *.tagboard.com www.myatlascms.com newpaltz.wufoo.com wufoo.com www.youtube.com embeds.tagboard.com free.timeanddate.com www.instagram.com platform.twitter.com syndication.twitter.com staticxx.facebook.com www.facebook.com app.acuityscheduling.com player.vimeo.com embed.idonate.com www.dhs.gov snapwidget.com unibuddy.co *.unibuddy.co secure.zenfolio.com cdn.knightlab.com map.concept3d.com my.matterport.com cse.google.com; img-src * data:; media-src 'self' *.newpaltz.edu; connect-src api.idonate.com stats.g.doubleclick.net *.technolutions.net www.facebook.com www.google-analytics.com www.newpaltz.edu; 1
default-src 'none'; script-src 'self'; connect-src 'self' https://*.goguardian.com; img-src 'self' https://*.goguardian.com; style-src 'self'; report-uri https://casper.goguardian.com/csp-report 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; base-uri https:; form-action https:; frame-ancestors https:; report-uri https://torontopubliclibrary.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; style-src 'self' 'unsafe-inline' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.googleapis.com www.google.com tagmanager.google.com *.vimeocdn.com; img-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.cdninstagram.com *.gravatar.com www.facebook.com static.lulu.com www.gstatic.com ssl.gstatic.com www.google.com www.googleapis.com clients1.google.com i.ytimg.com *.vimeocdn.com www.paypal.com placekitten.com http://dummyimage.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' data: cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net fonts.gstatic.com; report-uri https://www.sidefx.com/csp_reports/; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net www.facebook.com http://127.0.0.1:1714 ig.instant-tokens.com graph.instagram.com; frame-src 'self' data: www.google.com connect.facebook.net www.facebook.net www.facebook.com docs.google.com www.youtube.com lists.sidefx.com *.vimeo.com *.vimeocdn.com; script-src 'self' 'unsafe-eval' cdn.sidefx.com d2wvmrjymyrujw.cloudfront.net *.googleapis.com www.gstatic.com www.google.com cse.google.com *.facebook.net api.instagram.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net 'nonce-vNeQzVZQc8EgAzNh' 1
default-src   http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://checkout.stripe.com blob:;  style-src 'self' https://checkout.stripe.com 'unsafe-inline' ;  img-src * https://* http://* data:;  font-src 'self' data:;  script-src http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://js.stripe.com https://checkout.stripe.com https://platform.twitter.com/ https://twitter.com/ blob: 'unsafe-eval' 'unsafe-inline' ;  frame-src 'self'  https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://*.soundcloud.com/ http://www.youtube.com/embed/ https://www.youtube.com/embed/ https://platform.twitter.com/ https://twitter.com/;  media-src http://*.somafm.com https://*.somafm.com https://w.soundcloud.com https://api.soundcloud.com blob:;  object-src 'self' http://*.somafm.com https://*.somafm.com blob:;  connect-src http://somafm.com https://somafm.com http://*.somafm.com https://*.somafm.com https://checkout.stripe.com https://api.stripe.com ;  report-uri https://c70042f2c71bb9b31e563921ca1357ff.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://wwggsujy3yobtlvav9zj6w8w.httpschecker.net/report 1
default-src 'self'; script-src cdn.report-uri.com api.stripe.com js.stripe.com www.google-analytics.com www.gstatic.com www.google.com 'nonce-Mjg3MTE3MzExNiwxMTk2MTQxMDIz'; style-src 'self' 'unsafe-inline' cdn.report-uri.com; img-src 'self' data: cdn.report-uri.com www.google-analytics.com; font-src 'self' cdn.report-uri.com; connect-src 'self' api.stripe.com; frame-ancestors *.cloudflareworkers.com *.cloudflare.com; form-action 'self' hooks.stripe.com; frame-src js.stripe.com www.google.com; child-src js.stripe.com www.google.com; upgrade-insecure-requests; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.themanual.com/collector/nr.php?ctx=csp-violation 1
default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com *.google-analytics.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com; img-src 'self' 'unsafe-inline' *.google-analytics.com https://syndication.twitter.com https://*.sharethis.com; frame-src 'self' 'unsafe-inline' *.youtube.com https://platform.twitter.com https://player.vimeo.com https://www.facebook.com https://*.sharethis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.instagram.com www.gstatic.com api.tiles.mapbox.com api.mapbox.com *.bootstrapcdn.com *.mapbox.com ajax.cloudflare.com *.omappapi.com *.optnmstr.com *.googleapis.com analytics.twitter.com assets.juicer.io code.jquery.com connect.facebook.net static.ads-twitter.com www.google-analytics.com www.googletagmanager.com; style-src 'unsafe-inline' 'report-sample' 'self' www.gstatic.com api.tiles.mapbox.com *.mapbox.com assets.juicer.io cloud.typography.com fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' www.gstatic.com *.opendns.com events.mapbox.com api.mapbox.com *.mapbox.com *.omappapi.com *.doubleclick.net stats.g.doubleclick.net www.google-analytics.com www.facebook.com *.omappapi.com; font-src 'self' data: *.webtype.com fonts.gstatic.com static.juicer.io; media-src 'self' production-tcf.imgix.net; frame-src 'self' www.ustream.tv *.carto.com *.plotly.com ajammultimedia.carto.com www.podbean.com cdn.knightlab.com plot.ly www.instagram.com docs.google.com www.youtube.com *.soundcloud.com www.facebook.com thecenturyfoundation.carto.com; img-src 'self' data: maps.gstatic.com *.gstatic.com maps.googleapis.com *.googleapis.com *.ytimg.com www.googletagmanager.com pls.webtype.com production-tcf.imgix.net t.co www.facebook.com www.google-analytics.com; manifest-src 'self'; report-uri https://a17pctest.report-uri.com/r/d/csp/reportOnly/; worker-src blob:; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.jp&source%5Bsection%5D=brochure&source%5Buuid%5D=8870128d8ef3bf7727e914cac10c8578 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; report-uri https://usercontent.mobileread.org/csp-report 1
font-src static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com fonts.gstatic.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com insight.adsrvr.org www.affirm.com sandbox.affirm.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com *.fls.doubleclick.net www.facebook.com *.klarnaservices.com *.online-metrix.net imgs.signifyd.com js.stripe.com *.vimeo.com vimeo.com d.emails.wahoofitness.com *.yotpo.com *.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com secure.adnxs.com insight.adsrvr.org *.affirm.com bat.bing.com *.bazaarvoice.com dis.criteo.com gum.criteo.com ad.doubleclick.net stats.g.doubleclick.net www.facebook.com *.google.com *.gstatic.com eu.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com www.lightboxcdn.com imgs.signifyd.com t.co *.wahoofitness.com sp.analytics.yahoo.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com js.adsrvr.org lightboxapi.azurewebsites.net *.bazaarvoice.com bat.bing.com *.affirm.com static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.google.com *.googleapis.com googleads.g.doubleclick.net www.googletagmanager.com www.gstatic.com www.lightboxcdn.com js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com cdn.optimizely.com www.refersion.com assets.reflow.tv imgs.signifyd.com js.stripe.com static.ads-twitter.com analytics.twitter.com d.emails.wahoofitness.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com fonts.googleapis.com www.lightboxcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.bazaarvoice.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.affirm.com track.cordial.io *.dynamicyield.com eu.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com bam.nr-data.net insight.reflow.tv imgs.signifyd.com d.emails.wahoofitness.com vimeo.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; connect-src 'self' https://*.google-analytics.com https://pagead2.googlesyndication.com; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com data: https://webfonts.zohostatic.com https://use.typekit.net; form-action https://*.splitwise.com https://accounts.google.com; frame-src 'self' https://js.stripe.com https://www.youtube.com https://www.facebook.com https://platform.twitter.com https://apis.google.com https://accounts.google.com https://www.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://js.stripe.com/; img-src 'self' https://assets.splitwise.com https://s3.amazonaws.com/splitwise/ https://splitwise.s3.amazonaws.com https://chart.googleapis.com https://*.fbsbx.com https://*.fbcdn.net https://graph.facebook.com/ http://widget.uservoice.com https://widget.uservoice.com https://*.google-analytics.com https://*.googlesyndication.com https://csi.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' https://assets.splitwise.com https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/ https://connect.facebook.net https://www.google.com/m8/feeds/contacts/ https://www.youtube.com https://s.ytimg.com https://widget.uservoice.com https://by2.uservoice.com https://*.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://partner.googleadservices.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://adservice.google.com.co https://adservice.google.com.br https://adservice.google.co.uk https://adservice.google.com.ar https://adservice.google.co.in https://adservice.google.co.ao https://adservice.google.de https://adservice.google.fr https://adservice.google.pl https://apis.google.com https://platform.twitter.com https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://js.stripe.com/; style-src 'unsafe-inline' https://assets.splitwise.com https://fonts.googleapis.com/ https://cdnjs.cloudflare.com; report-uri /webhooks/csp_violations 1
default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data: image/*; frame-ancestors 'self' *.sunrise.ch; frame-src https:; connect-src https: wss: data:; font-src https: data:; media-src 'self' https:; report-uri https://www.sunrise.ch/csp-collector; upgrade-insecure-requests 1
form-action 'self'; report-uri https://ylilauta.org/csp-report.php 1
default-src 'self'; script-src 'self' *.crex24.com *.google-analytics.com https://www.google-analytics.com/analytics.js *.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com ton.twimg.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.google-analytics.com wss://crex24.com https://stats.g.doubleclick.net https://mc.yandex.ru/; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/ https://xslotframe1.com/; report-uri /api/report-csp1/ 1
report-uri https://www.yelp.com/csp_report_only?id=efeb9d738cedc3fd&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601025892; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
report-uri https://www.yelp.com/csp_report_only?id=cc696a7d36ea2c88&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601035870; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com/maps/api/geocode/json https://www.google-analytics.com/analytics.js  https://cr.testfreaks.com https://d1le22hyhj2ui8.cloudfront.net https://js.testfreaks.com https://se-content-b.psplugin.com https://w8db611c3.api.esales.apptus.cloud https://wff10df68.api.esales.apptus.cloud https://cdn.esales.apptus.com/api/apptus-esales-api-2.0.1.js https://co1078.clasohlson.se/nl https://co1078.clasohlson.se/webApp https://www.gstatic.com/recaptcha images.clasohlson.com checkout-eu.playground.klarna.com se-content-f.psplugin.com https://www.google.com/recaptcha/api.js www.gstatic.com clasohlson.psplugin.com content.psplugin.com co.clasohlson.com co1078.clasohlson.se 04uatcrmm.clasohlson.com maps.gstatic.com www.google-analytics.com fonts.gstatic.com fonts.googleapis.com www.googletagmanager.com maps.googleapis.com account.psplugin.com x.klarnacdn.net evt.playground.klarna.com https://www.youtube.com https://js.playground.klarna.com  https://eu.playground.klarnaevt.com https://widget.porterbuddy.com https://careoffunctionsuatstor.blob.core.windows.net/rentalscripts/rental.js https://reviews.testfreaks.com/ https://www.google.com https://ds-aksb-a.akamihd.net/aksb.min.js https://api.porterbuddy-test.com/availability https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/id https://adtr.io https://connect.facebook.net  https://translate.googleapis.com https://googleads.g.doubleclick.net https://segment.api.useinsider.com  https://w76e66a6f.api.esales.apptus.cloud/ https://static.hotjar.com https://in.hotjar.com https://vars.hotjar.com/ https://vc.hotjar.io https://script.hotjar.com https://assets.api.useinsider.com https://stats.g.doubleclick.net https://www.facebook.com https://location.api.useinsider.com https://clasohlson.api.useinsider.com https://hit.api.useinsider.com https://adservice.google.com https://5756990.fls.doubleclick.net https://socialproof.api.useinsider.com https://tpc.googlesyndication.com https://cnv.adt662.net https://unification.useinsider.com https://api.porterbuddy.com  https://s2.adform.net https://track.adform.net https://js.klarna.com https://eu.klarnaevt.com https://ds-aksb-a.akamaihd.net https://www.googleadservices.com https://translate.google.com https://cop-order-prod-cdnendpoint.azureedge.net/blob/returns.js https://se-content-a.psplugin.com/visitor/2.8.304/fonts/vngage.ttf https://se-content-a.psplugin.com/visitor/2.8.304/fonts/vngage.woff https://se-content-a.psplugin.com https://apim-stream00-prod-apim.azure-api.net https://bat.bing.com/bat.js https://*.psplugin.com https://*.hotjar.com https://*.cloudflare.com wss://*.hotjar.com; report-uri /coutility/view/COCsp/csp-reports; img-src 'self' data: *; 1
child-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: insight.adsrvr.org; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: hosted.where2getit.com 6385142.fls.doubleclick.net 10192473.fls.doubleclick.net www.google.com insight.adsrvr.org analytics.twitter.com s7.addthis.com www.deltafaucet.com match.adsrvr.org display.ugc.bazaarvoice.com www.facebook.com deltaiframe.showerdoorinstallation.com bid.g.doubleclick.net edge.addthis.com ct.pinterest.com www.youtube.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: loadm.exelator.com www.google.com.pr s7.addthis.com network-a.bazaarvoice.com t.mookie1.com www.deltafaucet.com ct.pinterest.com www.googletagmanager.com px.steelhousemedia.com pixel.rubiconproject.com dpm.demdex.net bam.nr-data.net www.google-analytics.com beacon.krxd.net x.bidswitch.net d10lpsik1i8c69.cloudfront.net match.adsrvr.org cw.addthis.com cm.g.doubleclick.net network.bazaarvoice.com www.google.com.mx insight.adsrvr.org photos-us.bazaarvoice.com usermatch.krxd.net www.google.com pixel.tapad.com s.thebrighttag.com media.deltafaucet.com cdn-x.omniconvert.com m.addthis.com t.co i.ytimg.com goo.gl dsum-sec.casalemedia.com match.sharethrough.com display.ugc.bazaarvoice.com ib.adnxs.com load77.exelator.com embeddedcloud.pricespider.com s3.amazonaws.com www.google.co.in simage2.pubmatic.com www.facebook.com media.peerlessfaucet.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: dx.steelhousemedia.com s.pinimg.com static.ads-twitter.com js.adsrvr.org analytics-static.ugc.bazaarvoice.com www.googletagmanager.com px.steelhousemedia.com www.google-analytics.com s.ytimg.com network.bazaarvoice.com www.googleadservices.com ws.rightonin.com www.google.com ajax.googleapis.com cdn.omniconvert.com d10lpsik1i8c69.cloudfront.net apps.nexus.bazaarvoice.com cdn.pricespider.com display.ugc.bazaarvoice.com analytics.twitter.com edge.addthis.com js-agent.newrelic.com bam.nr-data.net apps.bazaarvoice.com s7.addthis.com www.youtube.com www.deltafaucet.com ww.steelhousemedia.com api.bazaarvoice.com googleads.g.doubleclick.net bat.bing.com m.addthis.com z.moatads.com connect.facebook.net v1.addthisedge.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: d10lpsik1i8c69.cloudfront.net display.ugc.bazaarvoice.com cdn.pricespider.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: d10lpsik1i8c69.cloudfront.net bam.nr-data.net stats.g.doubleclick.net network-a.bazaarvoice.com app.omniconvert.com s7.addthis.com www.google.com network.bazaarvoice.com ct.pinterest.com www.google-analytics.com apps.bazaarvoice.com m.addthis.com api.bazaarvoice.com www.deltafaucet.com www.facebook.com public-auth-dot-lucky-orange.appspot-preview.com bat.bing.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com www.deltafaucet.com www.google-analytics.com; form-action  www.deltafaucet.com ct.pinterest.com www.facebook.com api.bazaarvoice.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.deltafaucet.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: d10lpsik1i8c69.cloudfront.net media.deltafaucet.com; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: literature.deltafaucet.com deltaiframe.showerdoorinstallation.com; report-uri /csp_report 1
style-src 'self' *.flocabulary.com use.typekit.net use.typekit.com p.typekit.net 'unsafe-inline'; connect-src 'self' sessions.bugsnag.com forms.hubspot.com biggie-the-cat.s3.amazonaws.com bam.nr-data.net; font-src 'self' *.flocabulary.com use.typekit.net use.typekit.com data:; media-src 'self' *.flocabulary.com flocabulary.s3.amazonaws.com; script-src 'self' *.flocabulary.com www.googletagmanager.com 'sha256-h8gG1uNWi02S00uhnnPan+IfTOULBEi0D46e6eAw/dk=' connect.facebook.net apis.google.com ajax.googleapis.com www.google-analytics.com js.hsleadflows.net js.hs-analytics.net bam.nr-data.net js-agent.newrelic.com d1fc8wv8zag5ca.cloudfront.net 'nonce-mkintCBEaqosgXn8'; object-src 'self' *.flocabulary.com s3.amazonaws.com; frame-src 'self' www.facebook.com s3.amazonaws.com; img-src 'self' *.flocabulary.com flocabulary.s3.amazonaws.com s3.amazonaws.com biggie-the-cat.s3.amazonaws.com www.facebook.com track.hubspot.com events.fivetran.com www.google-analytics.com cx.atdmt.com stats.g.doubleclick.net data:; default-src 'self' *.flocabulary.com; frame-ancestors 'self' nearpod.com *.nearpod.com *.nearpod.us; report-uri https://1790360b11fe0efc9c9d543e4d7dfa4d.report-uri.com/r/d/csp/reportOnly 1
img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; plugin-types application/x-shockwave-flash; script-src * 'unsafe-inline' blob:; report-uri https://content-security-policy.jobteaser.com/report 1
default-src *.bellroy.com 'self' https: data:; base-uri 'self'; connect-src *.bellroy.com https: wss: www.google.com api.tangiblee.com; font-src *.bellroy.com 'self' data: https: themes.googleusercontent.com fonts.googleapis.com fonts.gstatic.com; img-src *.bellroy.com https: data: blob: android-webview-video-poster:; media-src *.bellroy.com https: data: blob:; script-src *.bellroy.com 'self' https: 'unsafe-inline' 'unsafe-eval' data: opera: google.com *.visa.com d1fc8wv8zag5ca.cloudfront.net; style-src *.bellroy.com https: 'unsafe-inline' data:; frame-src *.bellroy.com 'self' https: data: ms-appx-web: www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp_reports 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.walkme.com v2.zopim.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ssl.google-analytics.com myaccount.ingramspark.com v2.zopim.com www.facebook.com ekr.zdassets.com forms.hubspot.com cdn.cookielaw.org stats.g.doubleclick.net cdn.walkme.com www.google.com www.google-analytics.com ec.walkme.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: stackpath.bootstrapcdn.com use.fontawesome.com www.ingramspark.com fonts.googleapis.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com v2.zopim.com use.fontawesome.com; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: v2.zopim.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ajax.googleapis.com googleads.g.doubleclick.net js.hs-analytics.net www.googleadservices.com www.google.com stackpath.bootstrapcdn.com connect.facebook.net js.hs-banner.com ssl.google-analytics.com v2.zopim.com static.zdassets.com cdn.walkme.com js.hsleadflows.net www.dwin1.com cdn.cookielaw.org stats.g.doubleclick.net widget-mediator.zopim.com www.googletagmanager.com cdnjs.cloudflare.com js.hs-scripts.com www.google-analytics.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.xe.com cdn.walkme.com www.google.com www.ingramspark.com www.facebook.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com ssl.google-analytics.com v2.zopim.com www.ingramspark.com googleads.g.doubleclick.net track.hubspot.com www.google.com.au www.facebook.com myaccount.ingramspark.com ec.walkme.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net image-hub-cloud.lightningsource.com; form-action  myaccount.ingramspark.com www.facebook.com; report-uri /csp_report 1
frame-src 'self' https://js.stripe.com https://dialog.filepicker.io https://www.filepicker.io https://content.googleapis.com https://www.google.com https://insight.adsrvr.org https://match.adsrvr.org https://vimeo.com https://player.vimeo.com https://www.youtube.com https://suicidegirls.com https://gfycat.com https://streamable.com https://bandcamp.com https://open.spotify.com https://www.youtube-nocookie.com https://www.facebook.com https://m.facebook.com https://platform.twitter.com https://player.twitch.tv https://w.soundcloud.com https://eroshare.com https://oddshot.tv https://www.pornhub.com https://www.reverbnation.com https://drive.google.com https://www.washingtonpost.com https://www.arte.tv https://www.mixcloud.com https://www.redgifs.com https://redgifs.com https://www.instagram.com https://instagram.com https://www.flickr.com http://www.funnyordie.com https://giphy.com/; report-uri https://o427384.ingest.sentry.io/api/5371353/security/?sentry_key=43c8657ea1d147008318337fbb88642b 1
report-uri /csp-logger;default-src 'self' https://vanguardassets.bmstatic.com/assets/;connect-src 'self' https://vanguardassets.bmstatic.com/assets/ https://mc.yandex.fr https://mc.yandex.ru https://cognito-identity.us-east-1.amazonaws.com https://mobileanalytics.us-east-1.amazonaws.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://api.rollbar.com;style-src 'self' 'unsafe-inline' https://vanguardassets.bmstatic.com/assets/;script-src 'self' 'unsafe-inline' https://vanguardassets.bmstatic.com/assets/ https://app.link https://cdn.polyfill.io https://connect.facebook.net https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://js.stripe.com https://mc.yandex.ru;img-src * 'self' data:;frame-src 'self' https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://js.stripe.com https://simplecast.com https://mc.yandex.ru;object-src 'none' 1
base-uri 'none'; object-src 'none'; script-src https://blenderartists.org/logs/ https://blenderartists.org/sidekiq/ https://blenderartists.org/mini-profiler-resources/ https://media.blenderartists.org/assets/ https://media.blenderartists.org/brotli_asset/ https://blenderartists.org/extra-locales/ https://media.blenderartists.org/highlight-js/ https://media.blenderartists.org/javascripts/ https://media.blenderartists.org/plugins/ https://media.blenderartists.org/theme-javascripts/ https://media.blenderartists.org/svg-sprite/ 'report-sample' 'unsafe-inline' https: https://pagead2.googlesyndication.com/; worker-src 'self' https://media.blenderartists.org/assets/ https://media.blenderartists.org/brotli_asset/ https://media.blenderartists.org/javascripts/ https://media.blenderartists.org/plugins/; report-uri https://blenderartists.org/csp_reports 1
default-src 'self' data: blob: *.ipstatp.com *.byteoversea.com;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.facebook.net *.hypstarcdn.com *.ibytedtos.com *.byteoversea.com *.ipstatp.com;style-src 'unsafe-inline' *.gstatic.com *.ipstatp.com *.googleapis.com;media-src ;connect-src *.hypstarcdn.com *.byteoversea.com *.googleapis.com;img-src *.gstatic.com *.ipstatp.com;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=m_home 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; report-uri https://api.transparentcdn.com/v1/csp/report/83/ 1
default-src https: wss:; script-src https: wss: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.hermescloud.co.uk *.trustpilot.com *.gstatic.com *.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.visualwebsiteoptimizer.com *.googletagmanager.com *.appdynamics.com s.pinimg.com *.cloudfront.net ct.pinterest.com; connect-src api.hermesworld.co.uk hermes-df-prod.eu.auth0.com col.eum-appdynamics.com *.google-analytics.com analytics.google.com ct.pinterest.com; report-uri /deliberately-broken; 1
script-src 'nonce-J_eIThI8P5gzuldYrpX4Sg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src https://*.cordis.europa.eu:443 https://cordis.europa.eu:443 https://europa.eu:443 https://sdc-cordis.mainstrat.com:443 https://ec.europa.eu:443 data:; base-uri https://*.cordis.europa.eu:443 https://cordis.europa.eu:443; style-src 'unsafe-inline' https://*.cordis.europa.eu:443 https://cordis.europa.eu:443 https://europa.eu:443 https://webtools.ec.europa.eu:443; font-src data: https://*.cordis.europa.eu:443 https://cordis.europa.eu:443; img-src data: https://*.cordis.europa.eu:443 https://cordis.europa.eu:443 https://sdc-cordis.mainstrat.com:443 https://europa.eu:443 https://webtools.ec.europa.eu:443 https://webanalytics.europa.eu:443 https://webgate.ec.europa.eu/fpfis/piwik/ https://opanalytics.piwik.pro; media-src data: https://*.cordis.europa.eu:443 https://cordis.europa.eu:443 https://sdc-cordis.mainstrat.com:443 https://europa.eu:443 https://webtools.ec.europa.eu:443; script-src 'unsafe-eval' 'unsafe-inline' https://*.cordis.europa.eu:443 https://cordis.europa.eu:443 https://sdc-cordis.mainstrat.com:443 https://europa.eu:443 https://ec.europa.eu:443 https://webtools.ec.europa.eu:443 https://webanalytics.europa.eu:443 https://webgate.ec.europa.eu/fpfis/piwik/ https://opanalytics.containers.piwik.pro https://opanalytics.piwik.pro; form-action https://*.cordis.europa.eu:443 https://cordis.europa.eu:443; frame-ancestors https://*.cordis.europa.eu:443 https://cordis.europa.eu:443; object-src 'none'; report-uri https://cordis.europa.eu/csp-report/report;  1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report 1
frame-ancestors 'none'; report-uri https://coolworks.report-uri.com/r/d/csp/wizard; child-src bid.g.doubleclick.net player.vimeo.com www.youtube.com; connect-src 'self' coolworkshelp.zendesk.com ekr.zdassets.com static.arcgis.com stats.g.doubleclick.net wss://widget-mediator.zopim.com www.google-analytics.com app.getsitecontrol.com www.google.com server.arcgisonline.com checkout.stripe.com services.arcgisonline.com cdn1.coolworks.com dpqzxsze8xzri.cloudfront.net; default-src 'unsafe-eval' 'unsafe-inline' assets.zendesk.com cdn1.coolworks.com cdn2.coolworks.com ekr.zdassets.com fonts.googleapis.com fonts.gstatic.com googleads.g.doubleclick.net pixel.wp.com st.getsitecontrol.com stats.wp.com widgets.getsitecontrol.com www.google-analytics.com www.google.com www.googletagmanager.com app.getsitecontrol.com coolworkshelp.zendesk.com static.zdassets.com wss://widget-mediator.zopim.com; font-src cdn1.coolworks.com data: dpqzxsze8xzri.cloudfront.net fonts.gstatic.com st.getsitecontrol.com 'self' s0.wp.com; frame-src bid.g.doubleclick.net www.facebook.com www.youtube.com www.google.com player.vimeo.com m.facebook.com checkout.stripe.com tpc.googlesyndication.com js.stripe.com; img-src app.getsitecontrol.com cdn1.coolworks.com cdn2.coolworks.com coolworks-bucket001.s3.amazonaws.com data: dpqzxsze8xzri.cloudfront.net pixel.wp.com server.arcgisonline.com services.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com www.google.co.uk www.google.com googleads.g.doubleclick.net scontent-ort2-2.cdninstagram.com www.instagram.com 'self' i0.wp.com i1.wp.com www.googletagmanager.com i2.wp.com scontent-atl3-1.cdninstagram.com www.gravatar.com i.vimeocdn.com i.ytimg.com q.stripe.com wp.coolworks.com www.facebook.com www.youtube.com help.coolworks.com; media-src static.zdassets.com; script-src-attr 'unsafe-inline'; script-src-elem 'unsafe-inline' assets.zendesk.com cdn1.coolworks.com cdn2.coolworks.com connect.facebook.net dpqzxsze8xzri.cloudfront.net googleads.g.doubleclick.net st.getsitecontrol.com static.zdassets.com stats.wp.com widgets.getsitecontrol.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.recaptcha.net tpc.googlesyndication.com 'self' data: s0.wp.com s1.wp.com about checkout.stripe.com widget-mediator.zopim.com www.google.com js.stripe.com; script-src 'unsafe-eval' 'unsafe-inline' assets.zendesk.com cdn1.coolworks.com cdn2.coolworks.com googleads.g.doubleclick.net st.getsitecontrol.com static.zdassets.com stats.wp.com widgets.getsitecontrol.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com connect.facebook.net www.google.com www.gstatic.com 'self' widget-mediator.zopim.com www.recaptcha.net checkout.stripe.com; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' cdn1.coolworks.com cdn2.coolworks.com dpqzxsze8xzri.cloudfront.net fonts.googleapis.com 'self' s0.wp.com; style-src 'unsafe-eval' 'unsafe-inline' cdn1.coolworks.com cdn2.coolworks.com fonts.googleapis.com; form-action 'self' coolworks.us12.list-manage.com; object-src 'none'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.dirt.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; base-uri 'self'; child-src https://www.youtube.com; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api-iam.intercom.io; font-src 'self' https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' 'unsafe-inline' *.gstatic.com static.cloud.coveo.com fonts.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com *.youtube.com *.ytimg.com *.google-analytics.com stats.g.doubleclick.net siteimproveanalytics.com *.siteimproveanalytics.io static.hubbardone.com ajax.googleapis.com *.siteimprove.com 1
report-uri default-src 'unsafe-inline' 'unsafe-eval' 'self' *.typekit.net *.google.com *.gstatic.com *.googletagmanager.com 1
default-src 'none' ; script-src https: 'unsafe-eval' 'unsafe-inline' 'self' https://assets-web.armadillo.xyz https://assets-web.searshomeservices.com https://*.247-inc.net https://*.adobedtm.com https://*.sc.omtrdc.net https://www.google-analytics.com https://ajax.googleapis.com https://searspartsdirect.btttag.com https://tags.tiqcdn.com https://static.criteo.net https://px.owneriq.net https://*.go-mpulse.net https://resources.xg4ken.com https://bat.bing.com https://*.criteo.com https://connect.facebook.net https://secure.quantserve.com https://www.googleadservices.com https://st1.dialogtech.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://www.youtube.com https://s.ytimg.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.bounceexchange.com https://apps.bazaarvoice.com; style-src https: 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets-web.armadillo.xyz https://assets-web.searshomeservices.com; font-src 'self' data: https://fonts.gstatic.com; connect-src https: 'self' https://*.ch3.s.com https://*.searspartsdirect.io https://searspartsdirectapis.com https://*.247-inc.net; child-src https: 'self' https://armadillo.xyz https://www.searshomeservices.com https://*.247-inc.net https://youtube.com https://assets.bounceexchange.com https://px.owneriq.net https://d.btttag.com; object-src 'self'; worker-src 'self' blob:; manifest-src 'self'; img-src https: data:; frame-ancestors 'self'; report-uri https://31a2c7fb54d38ca48f49546888bdc42f.report-uri.com/r/d/csp/reportOnly 1
font-src data: *.gstatic.com https://objects.chopard.com *.sfdcstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.fls.doubleclick.net *.force.com *.google.com https://objects.chopard.com *.cedexis-test.com *.hotjar.com *.contentsquare.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.quantserve.com https://objects.chopard.com *.igodigital.com *.google.com *.facebook.com *.linkedin.com *.cedexis-test.com *.siteimproveanalytics.io *.contentsquare.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://objects.chopard.com *.gstatic.com *.force.com *.facebook.net *.mouseflow.com *.cloudfront.net *.cedexis.com *.cedexis-test.com *.salesforceliveagent.com *.googletagmanager.com *.cloudflare.com *.curalate.com *.licdn.com *.contentsquare.net *.igodigital.com siteimproveanalytics.com emea-chopard.netmng.com *.quantserve.com *.hotjar.com *.quantcount.com *.newrelic.com *.userway.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://objects.chopard.com *.force.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.mouseflow.com https://objects.chopard.com *.freshrelevance.com wss://am.freshrelevance.com *.g.doubleclick.net *.cedexis.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: ; report-uri /vdc-csp-report 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://www.milestonesys.com/csp/report 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data: ; report-uri https://booklog.report-uri.io/r/default/csp/reportOnly 1
default-src 'none'; connect-src 'self' www.linkedin.com www.google-analytics.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com www.linkedin.cn static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn; script-src 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.cn platform-akam.linkedin.cn platform-ecst.linkedin.cn platform-azur.linkedin.cn static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn; img-src data: blob: *; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn; media-src dms.licdn.com dms.licdn.cn; child-src blob: *; frame-src 'self' lnkd.demdex.net linkedin.cdn.qualaroo.com; manifest-src 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=g 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: s.ytimg.com siteimproveanalytics.com us4.siteimprove.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com 1
default-src 'self' https: wss: data: none: gsa: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 1
default-src 'self' ; connect-src 'self' *.visualstudio.com www.facebook.com *.zopim.com t.kmtx.io *.doubleclick.net *.mapbox.com www.google.com ekr.zdassets.com eurotunnel.zendesk.com cdnjs.cloudflare.com ajax.googleapis.com *.google-analytics.com adservice.google.com cdn-ukwest.onetrust.com in.hotjar.com privacyportal-uk.onetrust.com rollbar-eu.zendesk.com s.yimg.com session.socialware.com vc.hotjar.io wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com www.bing.com www.google.be www.google.co.uk www.google.de www.google.fr www.google.it www.google.nl www.google.pl www.google.ro app.socialware.com gjtrack.ucweb.com static.zdassets.com ; font-src data: fonts.gstatic.com v2.zopim.com 'self' script.hotjar.com themes.googleusercontent.com ; frame-src 'self' player.vimeo.com widget.trustpilot.com gateway.zscloud.net gum.criteo.com aax-eu.amazon-adsystem.com travelmoney.travelex.co.uk *.twitter.com *.doubleclick.net tpc.googlesyndication.com analytics-google.net www.googletagmanager.com mozbar.moz.com *.facebook.com acs.airplus.com connect.facebook.net vars.hotjar.com www.google.com www.instagram.com www.youtube.com w.soundcloud.com twitter.com vimeo.com www.booking.com www.linkedin.com leshuttle.typeform.com ; img-src blob: q-xx.bstatic.com dis.criteo.com ad.sxp.smartclip.net ad.yieldlab.net cotads.adscale.de cdn.stickyadstv.com cm.adform.net r.casalemedia.com rtb-csync.smartadserver.com criteo-partners.tremorhub.com criteo-sync.teads.tv match.bnmla.com contextual.media.net match.sharethrough.com sync-criteo.ads.yieldmo.com visitor.omnitagjs.com ad.360yield.com sync.e-planning.net beacon.krxd.net x.bidswitch.net tags.bluekai.com us-u.openx.net s.ad.smaato.net ad.doubleclick.net pixel.rubiconproject.com *.pubmatic.com secure.adnxs.com *.2mdn.net sp.analytics.yahoo.com sync.outbrain.com *.twitter.com *.blob.core.windows.net *.zopim.com *.zopim.io *.doubleclick.net consent.trustarc.com via.placeholder.com lowffdompro.com *.twimg.com login.microsoftonline.com *.gstatic.com www.google.ge www.google.pl www.google.ru www.google.cm www.google.com.eg www.google.co.kr www.google.com.np www.google.co.th www.google.dz www.google.no www.google.com.hk www.google.com.mm www.google.co.il www.google.az www.google.sk www.google.ie www.google.com.pe *.ggpht.com www.google.de www.google.cz www.google.co.za www.google.se www.google.dk www.google.gr www.google.lv www.google.com.tw www.google.com.ph www.google.com.uy www.google.fi www.google.com.ua www.google.com.cy www.google.com.jm www.google.im www.google.co.ve www.google.com.sg www.google.ca www.google.es www.google.kg www.google.be www.google.at www.google.pt www.google.fr www.google.it www.google.com.br www.google.com.ar www.google.ch www.google.me www.google.com.ec www.google.ro www.google.nl www.google.com.mx www.google.com.lb www.google.com.co www.google.com.tr www.google.cl www.google.co.in www.google.hr data: img.youtube.com *.googleapis.com 'self' *.google-analytics.com *.facebook.com www.google.co.uk www.google.com ads.stickyadstv.com ads.yahoo.com adservice.google.ad adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.nz adservice.google.co.uk adservice.google.co.za adservice.google.co.zw adservice.google.com adservice.google.com.au adservice.google.com.co adservice.google.com.kw adservice.google.com.mt adservice.google.com.mx adservice.google.com.pe adservice.google.cz adservice.google.de adservice.google.dk adservice.google.es adservice.google.fr adservice.google.gg adservice.google.gr adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.iq adservice.google.it adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.se an.yandex.ru cdn-ukwest.onetrust.com help.eurotunnel.com i.liadm.com i.vimeocdn.com i.ytimg.com translate.google.com twitter.com www.google-analytics.com www.google.ad www.google.ae www.google.al www.google.bg www.google.co.jp www.google.co.ma www.google.co.nz www.google.co.zw www.google.com.au www.google.com.gi www.google.com.kw www.google.com.mt www.google.com.pk www.google.com.qa www.google.ee www.google.gg www.google.hu www.google.iq www.google.je www.google.li www.google.lt www.google.lu www.google.rs www.google.si www.google.sn www.google.tn www.googletagmanager.com cm.g.doubleclick.net connect.facebook.net log.pinterest.com ad.doubleclick.net ups.analytics.yahoo.com ; media-src 'self' static.zdassets.com data: ; child-src 'self' blob ; script-src-elem 'self' *.onetrust.com sslwidget.criteo.com static.criteo.net s.kmtx.io ; script-src 'self' blob: data az416426.vo.msecnd.net widget-mediator.zopim.com sslwidget.criteo.com *.onetrust.com gateway.zscloud.net *.googlesyndication.com platform.twitter.com widget.trustpilot.com *.doubleclick.net consent.truste.com consent.trustarc.com assets.zendesk.com v2.zopim.com static.zdassets.com *.twimg.com www.gstatic.com www.google.com tpc.googlesyndication.com *.bootstrapcdn.com *.googleapis.com *.instagram.com connect.facebook.net eval: inline: s.ytimg.com *.hotjar.com *.google-analytics.com 'unsafe-eval' 'unsafe-inline' www.googleadservices.com www.googletagmanager.com www.youtube.com www.google-analytics.com embed.typeform.com data: s.yimg.com sp.analytics.yahoo.com ; style-src platform.twitter.com *.googleapis.com inline: 'self' 'unsafe-inline'; report-uri https://eurotunnel.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.uk&source%5Bsection%5D=brochure&source%5Buuid%5D=fe1b3e1ae85b015a8fc735316cd2c83c 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dwolla.com dtlilztwypawv.cloudfront.net *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleads.g.doubleclick.net *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.adroll.com *.adnxs.com *.googleadservices.com *.yahoo.com *.bidswitch.net *.twitter.com *.rlcdn.com *.connexity.net static.chartbeat.com *.akamai.net *.optimizely.com *.cdngc.net *.iovation.com pi.pardot.com px.ads.linkedin.com snap.licdn.com safari-extension://* chrome-extension://* *.jobscore.com hire.withgoogle.com js-agent.newrelic.com bam.nr-data.net s0.wp.com s1.wp.com stats.wp.com widget.intercom.io a.quora.com cdnjs.cloudflare.com js.intercomcdn.com siftscience.com www.linkedin.com data:; style-src 'self' 'unsafe-inline' cdn.dwolla.com fonts.googleapis.com safari-extension://* chrome-extension://*; img-src * data:; font-src * data:; frame-src 'self' *.dwolla.com *.facebook.com *.googletagmanager.com safari-extension://* chrome-extension://* *.jobscore.com hire.withgoogle.com *.chartbeat.com platform.twitter.com; connect-src 'self' *.optimizely.com *.intercom.io status.g.doubleclick.net api.ipify.org; object-src 'self' *.cdngc.net *.iovation.com cdn.dwolla.com 1
script-src 'nonce-5CFSExhNWE0Z4d5HwAXyNQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.twitter.com *.outbrain.com bam.nr-data.net bat.bing.com *.taboola.com *.facebook.net *.facebook.com *.visualwebsiteoptimizer.com *.doubleclick.net *.hubspot.com api.hubapi.com js.hs-analytics.net js.hsadspixel.net js.hs-scripts.com js.usemessages.com js.driftt.com *.yandex.ru svc.webspellchecker.net *.newrelic.com *.linkedin.com *.leadforensics.com *.bizographics.com *.outbrain.com gateway.zscloud.net www.google-analytics.com www.google.com www.google.ch www.google.ru www.google.co.in www.google.co.jp www.google.co.uk www.google.de www.google.com.sg www.google.com.pe www.google.co.th www.google.bg www.google.at https://www.google.es www.googleadservices.com www.googletagmanager.com *.gravatar.com statics.teams.cdn.office.net; report-uri /csp-reports 1
script-src 'unsafe-eval' 'unsafe-inline' https: 'sha256-GZIcz60Uwd6wT3vaYke/atSr53TehbYAPepOa3d03Vw=' 'nonce-5becb0bedcb0dd927c5de01a' 'strict-dynamic' 'report-sample' ; worker-src 'self'; report-uri https://tourradar.report-uri.com/r/d/csp/reportOnly 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.blikk.hu::PROD_0_8_7_AWS 1
script-src 'unsafe-eval' 'self' fast.fonts.net www.google.com *.googleapis.com *.gstatic.com *.google-analytics.com platform.twitter.com cdn.api.twitter.com syndication.twimg.com *.facebook.net *.newrelic.com bs.serving-sys.com cdn.feedbackify.com www.googleadservices.com s.btstatic.com s.thebrighttag.com; object-src 'self' www.youtube.com maps.googleapis.com; media-src 'self' www.youtube.com; report-uri /flybuys-web/api/csp-report 1
report-uri /api/csp-report/ 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' wss://chat.20i.com:*; img-src https: 'self' data:; frame-src https: 'self' data:; 1
default-src 'none'; connect-src 'self' data: https://titanic.honeybadger.io https://*.convertkit.com/ https://*.profitwell.com https://*.usefathom.com/ https://stats.g.doubleclick.net https://www.google-analytics.com https://api.segment.io/v1/ https://*.wistia.com/x https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com/mput https://rmbutterfly.com/1661691228/ https://embedwistia-a.akamaihd.net/; font-src 'self' data: http://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com/; frame-src https://platform.twitter.com https://syndication.twitter.com https://fast.wistia.com; img-src 'self' data: https://*.profitwell.com https://*.usefathom.com/ https://honeybadger-static.s3.amazonaws.com https://docs-honeybadger.s3.amazonaws.com/ https://www.googletagmanager.com/ https://*.wistia.com/ https://www.gstatic.com https://stats.g.doubleclick.net https://ton.twimg.com https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://www.google-analytics.com https://d3aei7d2k8qp8j.cloudfront.net https://embedwistia-a.akamaihd.net https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.profitwell.com https://*.usefathom.com/ https://gist.github.com https://www.googletagmanager.com/ https://*.wistia.com https://cdn.syndication.twimg.com https://platform.twitter.com https://cdn.segment.com/analytics.js/v1/Vh0hrL9NfiyA8PXfEW4pPCQbrkG2bBAy/analytics.min.js https://fast.wistia.com/ https://identity.netlify.com/v1/netlify-identity-widget.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://github.githubassets.com/ https://platform.twitter.com https://ton.twimg.com https://fonts.googleapis.com/ https://www.gstatic.com/; media-src 'self' data: blob: https://embedwistia-a.akamaihd.net; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=c2f13350&report_only=true&env=production 1
report-uri https://o269987.ingest.sentry.io/api/1479527/security/?sentry_key=07c1468f690340efa6f22f9adb9cbca6&sentry_environment=prod&sentry_release=web-2820;default-src https: data: blob: wss: bankid: chrome-extension:;script-src https: data: blob: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-inline';frame-src https: data: ms-appx-web: mailto: tel: 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.co.uk ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.co.uk *.spreadshirt.co.uk ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.co.uk ; font-src 'self' https: data: *.spreadshirt.co.uk ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.co.uk ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.co.uk ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' 'unsafe-inline' data: blob: ssl.kaptcha.com *.vimeo.com *.bluesnap.com *.ccdc02.com *.google-analytics.com *.google.com *.g.doubleclick.net *.googleadservices.com *.guardiosecurity.com *.facebook.net *.facebook.com *.googlesyndication.com *.googletagmanager.com *.bing.com secure.adnxs.com *.cardinalcommerce.com fullstory.com *.fullstory.com *.typekit.net *.quora.com *.guard.io *.paypal.com *.gstatic.com; img-src * data: blob:; report-uri https://guard.io/v2/api/csp 1
frame-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://player.vimeo.com https://www.ukraine.com.ua https://adm.tools https://apis.google.com https://accounts.google.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'report-sample'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com;  default-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data: https://www.facebook.com https://m.facebook.com https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.com.ua https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net blob: 'self'; ; connect-src https://auth.adm.tools https://adm.tools https://portal.adm.tools https://www.ukraine.com.ua https://cdn.ukraine.com.ua:* wss://cdn.ukraine.com.ua:* https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.adm.tools http://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://www.facebook.com https://www.facebook.com; report-uri https://sentry.adm.tools/api/4/security/?sentry_key=cd4a73d9e9a3475187c201c24a2c4576 1
child-src 'self'; connect-src 'self' https://*.amazonaws.com https://*.are.na https://*.cloudfront.net https://*.google-analytics.com https://*.pusher.com wss://*.pusherapp.com; default-src 'self'; font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.cloudfront.net https://*.gstatic.com; frame-src 'self' https://*.are.na https://*.embedly.com https://*.google.com https://*.instagram.com https://*.s3.amazonaws.com https://*.stripe.com https://*.vimeo.com; img-src 'self' data: http://*.gstatic.com https://*.are.na https://*.cloudfront.net https://*.ctfassets.net https://*.google-analytics.com https://*.gstatic.com https://*.s3.amazonaws.com https://*.ytimg.com https://gravatar.com; manifest-src 'self'; media-src 'self' http://*.gstatic.com https://*.gstatic.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.gstatic.com https://*.are.na https://*.cloudfront.net https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.pusher.com https://*.stripe.com https://instant.page; style-src 'self' 'unsafe-inline' https://*.are.na https://*.cloudfront.net; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_c2f690c70bd2203791fa5b65771c7bbb 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://spy.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' cactusvpn.com www.cactusvpn.com billing.cactusvpn.com; report-uri https://75943a29954faa0d1b365a52c248c905.report-uri.com/r/d/csp/reportOnly; 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' *.signaturehardware.com initjs.rfk.signaturehardware.com *.rfksrv.com cdn.pdst.fm cdn.curalate.com tpc.googlesyndication.com c.zmags.com *.affirm.com s.go-mpulse.net *.authorize.net *.bazaarvoice.com *.cloudfront.net *.cloudmaestro.com *.criteo.com *.criteo.net *.listrakbi.com *.pepperjam.com *.pinterest.com *.steelhousemedia.com c.z-analytics.net code.jquery.com widget-mediator.zopim.com bam.nr-data.net bat.bing.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net js-agent.newrelic.com maps.googleapis.com pinterest.adsymptotic.com pixel.mathtag.com platform.houzz.com s.pinimg.com services.listrak.com static.chartbeat.com static.site24x7rum.com static.zdassets.com tracking.deepsearch.adlucent.com v2.zopim.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.signaturehardware.com www.youtube.com pixel.snapsmedia.io boards.greenhouse.io s.ytimg.com edge.curalate.com nexus.ensighten.com mpsnare.iesnare.com cdn.noibu.com getrockerbox.com cdns.brsrvr.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.przegladsportowy.pl::info_2-1-X-AWS-2 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: techport.ru *.techport.ru https://vk.com https://*.vk.com https://cdn.api.twitter.com https://www.odnoklassniki.ru https://odnoklassniki.ru https://ok.ru https://connect.ok.ru https://facebook.com https://*.facebook.com https://connect.facebook.net https://yandex.ru https://*.yandex.ru https://ya.ru https://yandex.st https://yastatic.net https://*.yadro.ru https://webvisor.com https://mc.webwisor.org https://google.com https://*.google.com https://google.ru https://*.google.ru https://translate.google.cn https://*.googleapis.com https://*.googleadservices.com https://googletagservices.com https://*.googletagservices.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://gstatic.com https://*.gstatic.com https://*.googlesyndication.com https://*.mail.ru https://top-fwz1.mail.ru https://youtube.ru https://*.youtube.ru https://youtube.com https://*.youtube.com https://s.ytimg.com https://*.criteo.net https://*.criteo.com https://video.bosch-pt-video.com https://uc.xddi.ru https://techport-st.cdn.ngenix.net https://demoup.com https://*.demoup.com https://pickpoint.ru https://*.flixfacts.com https://*.flixcar.com https://*.flix360.com https://logo.flixfacts.co.uk https://media.flixsyndication.net https://*.doubleclick.net https://www.alexa.com https://*.alexa.com https://ssp.rambler.ru https://profile.ssp.rambler.ru https://*.paymentgate.ru https://*.robokassa.ru https://*.sandbox.paypal.com https://*.paypal.com https://paypal.com https://www.paypal.com https://*.mkb.ru https://*.rbsuat.com https://*.begun.ru https://newrelic.com https://*.newrelic.com https://bam.nr-data.net https://api.flocktory.com https://techport.api.sociaplus.com https://flv.isitetv.com; report-uri //www.techport.ru/csp; report-to //www.techport.ru/csp; 1
script-src 'nonce-8FQcGHnLMNrL_i-B9oalqw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.sg&source%5Bsection%5D=brochure&source%5Buuid%5D=7629ce4f1207734887a0cb694220bf9c 1
default-src https:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://www.preloved.co.uk/t/csp-report; 1
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https:; report-uri /report-mixed-content 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' * *.dropboxusercontent.com *.google-analytics.com *.facebook.net *.facebook.com *.twitter.com *.hatena.ne.jp *.st-hatena.com *.google.com *.slidesharecdn.com *.slideshare.net *.wufoo.com *.mathjax.org *.wistia.com *.wistia.net *.mailchimp.com speakerd.herokuapp.com speakerdeck.com; font-src 'self' https: data: https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; report-uri https://idobata.io/hook/custom/81016439-cd32-48b3-9d3b-990beb56a868 1
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp:; report-uri /csp-report 1
report-uri https://r4com.report-uri.io/r/default/csp/reportOnly 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.shopperapproved.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://www.shopperapproved.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://www.shopperapproved.com https://direct.shopperapproved.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://www.yelp.com/csp_report_only?id=2f2aea059aa32a54&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601013942; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src 'self' *.youtube.com; frame-src 'self' *.youtube.com *.twitter.com *.google.com *.facebook.com *.wowza.com http://wowzaprod123-i.akamaihd.net; style-src 'self' 'unsafe-inline' https://fast.fonts.net *.typekit.net *.twitter.com *.twimg.com *.wowza.com *.icontact.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.youtube.com *.twitter.com *.twimg.com *.facebook.net *.cloudflare.com https://secure.adnxs.com *.demandbase.com *.icontact.com *.gstatic.com *.google.com *.wowza.com; img-src 'self' data: *.youtube.com  https://aepcdn.com *.twitter.com *.google-analytics.com *.twimg.com *.twimg.com *.facebook.com https://secure.adnxs.com *.demandbase.com https://aep-power.tsyawshost.com *.icontact.com http://prod-railsapp.s3.amazonaws.com; connect-src 'self' http://wowzaprod123-i.akamaihd.net *.wowza.com https://americanelectric2018tf.q4web.com; media-src 'self' http://wowzaprod123-i.akamaihd.net *.youtube.com blob: ; font-src 'self' https://use.typekit.net data: ; 1
report-uri https://www.yelp.com/csp_report_only?id=daca2397bb277493&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601011008; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
report-uri https://www.yelp.com/csp_report_only?id=7bc73d86807988d9&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601041564; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
frame-src 'self' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://player.vimeo.com https://www.ukraine.com.ua https://adm.tools https://apis.google.com https://accounts.google.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com;  default-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.facebook.com https://m.facebook.com https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.com.ua https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net blob: 'self'; ; connect-src https://auth.adm.tools https://adm.tools https://portal.adm.tools https://www.ukraine.com.ua https://cdn.ukraine.com.ua:3004 wss://cdn.ukraine.com.ua:3004 https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.adm.tools http://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://www.facebook.com https://www.facebook.com; report-uri https://sentry.adm.tools/api/4/security/?sentry_key=cd4a73d9e9a3475187c201c24a2c4576 1
report-uri https://www.yelp.com/csp_report_only?id=f92958f3ff03f398&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601015572; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
font-src *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.snapchat.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://woobox.com https://js.stripe.com https://www.google.com *.doubleclick.net https://www.youtube.com *.facebook.com *.snapchat.com *.emjcd.com *.dotomi.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.connect.facebook.net *.boxycharm.com *.collect.igodigital.com *.outbrain.com *.google.by *.paypal.com 'self' data: *.doubleclick.net *.google.com *.pinterest.com *.bing.com *.postcodeanywhere.co.uk *.reddit.com *.cdnwidget.com *.facebook.com *.boxytest.com *.boxypreprod.com *.googletagmanager.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.gstatic.com *.facebook.net *.collect.igodigital.com *.outbrain.com *.stridespark.com https://js.braintreegateway.com https://c.paypal.com/ *.google.com https://woobox.com/ *.pcapredict.com *.googletagmanager.com *.pinimg.com *.bing.com *.alooma.com *.getambassador.com *.fullstory.com *.cloudfront.net *.cdnwidget.com *.doubleclick.net https://youtube.com/ *.newrelic.com *.nr-data.net *.ravelin.net *.postcodeanywhere.co.uk https://mbsy.co/ *.treasuredata.com *.yimg.com https://sc-static.net/ *.stackadapt.com *.yahoo.com *.carthook.com *.jquery.com *.tiktok.com *.ipstatp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.gstatic.com *.googleapis.com *.postcodeanywhere.co.uk *.srv.stackadapt.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.tt.omtrdc.net *.srv.stackadapt.com *.cardinalcommerce.com https://payments.sandbox.braintree-api.com https://origin-analytics-sand.sandbox.braintree-api.com https://www.paypal.com *.fullstory.com *.pinterest.com *.alooma.com *.cloudflare.com *.nr-data.net *.postcodeanywhere.co.uk *.ravelin.net *.grin.co *.google-analytics.com *.braintreegateway.com *.cdnbasket.net *.cdnwidget.com *.getambassador.com *.pusherapp.com *.yimg.com *.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=A1QAP3MOU4173J:sid=355-5511530-2865055:rid=FCBWQ486NZNC74X1HAZW:sn=www.audible.co.jp 1
font-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com www.gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com www.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com www.googleapis.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.fr ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.fr *.spreadshirt.fr ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.fr ; font-src 'self' https: data: *.spreadshirt.fr ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.fr ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.fr ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src https:; connect-src https: wss:; font-src https: data: mediastream:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob: data:; script-src-elem 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; worker-src https: blob:; report-uri https://www.zoner.com/__scripts/cspreport.aspx; 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.google.com accounts.google.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com accounts.google.com www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: www.google.com accounts.google.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com cdn.ampproject.org raw.githubusercontent.com www.google.com accounts.google.com connect.facebook.net twitter.com platform.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org www.google.com accounts.google.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:; media-src https: blob: data:; child-src https: blob:; report-uri https://sentry.io/api/72071/csp-report/?sentry_key=4fb747b409644084ba393c5ab7399d16; 1
default-src https: 'self' 'unsafe-inline';   1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.fr&source%5Bsection%5D=brochure&source%5Buuid%5D=4dfc68ac1218132b0af90598ab3d0a4c 1
default-src data: https://partners.akbars.ru https://apps.akbars.ru https://sravni.go2cloud.org https://www.akbars.ru https://fonts.gstatic.com https://mc.yandex.ru https://yandex.ru https://api-maps.yandex.ru https://stats.g.doubleclick.net https://www.google-analytics.com https://google-analytics.bi.owox.com https://dadata.ru https://suggestions.dadata.ru 'self'; script-src blob: data: https://partners.akbars.ru https://apps.akbars.ru https://ajax.aspnetcdn.com https://sitesearch-suggest.yandex.ru https://yandex.ru https://site.yandex.net https://api-maps.yandex.ru https://*.maps.yandex.net https://mc.yandex.ru https://clck.yandex.ru https://yastatic.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://code.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://partners.akbars.ru https://apps.akbars.ru https://fonts.googleapis.com https://yastatic.net 'self' 'unsafe-inline'; img-src blob: data: https://partners.akbars.ru https://apps.akbars.ru https://mc.yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.net https://yastat.net https://yastatic.net https://yandex.st https://yandex.ru https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://www.googletagmanager.com https://www.google-analytics.com https://google-analytics.bi.owox.com https://stats.g.doubleclick.net https://www.google.ru https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com 'self'; frame-src https://api-maps.yandex.ru https://www.facebook.com https://www.youtube.com 'self'; upgrade-insecure-requests; report-uri https://www.akbars.ru/csp_report/ 1
default-src 'none'; connect-src https://cdn-ukwest.onetrust.com https://links.services.disqus.com https://ds-aksb-a.akamaihd.net https://services.postcodeanywhere.co.uk https://colres.sitelabweb.com https://api.247-inc.net https://api.bazaarvoice.com https://api.particularaudience.com https://bam.nr-data.net https://ct.pinterest.com https://d1af033869koo7.cloudfront.net https://in.particularaudience.com https://tie.247-inc.net https://ws.sessioncam.com https://www.facebook.com https://www.google-analytics.com 'self'; font-src data: https://cdn.habitat.co.uk https://fonts.gstatic.com 'self'; form-action https://r1.dmtrk.net https://hps.datacash.com https://syndication.twitter.com https://www.facebook.com 'self'; frame-ancestors 'self'; frame-src 'self' https://disqus.com https://r1.dotdigital-pages.com https://*.fls.doubleclick.net https://d1af033869koo7.cloudfront.net https://platform.twitter.com https://staticxx.facebook.com https://syndication.twitter.com https://wkxppshj-qx.global.ssl.fastly.net https://www.facebook.com https://www.google.com; img-src data: https://az.sitelabweb.com https://c.disquscdn.com https://referrer.disqus.com https://photos-eu.bazaarvoice.com https://www.awin1.com https://display.ugc.bazaarvoice.com https://network-eu.bazaarvoice.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://www.zenaps.com https://khms0.googleapis.com https://khms1.googleapis.com https://abs.twimg.com https://bam.nr-data.net https://cdn.habitat.co.uk https://colrep.sitelabweb.com https://colres.sitelabweb.com https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://i.pinimg.com https://maps.googleapis.com https://maps.gstatic.com https://pbs.twimg.com https://platform.twitter.com https://r1.trackedweb.net https://ssl.google-analytics.com https://syndication.twitter.com https://ws.sessioncam.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk 'self' https://www.zenaps.com; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' https://az.sitelabweb.com https://cdn-ukwest.onetrust.com https://c.disquscdn.com https://r1.dotdigital-pages.com https://analytics-static.ugc.bazaarvoice.com https://api.bazaarvoice.com https://apps.nexus.bazaarvoice.com https://display.ugc.bazaarvoice.com https://network-eu.bazaarvoice.com https://cdn.480app.com https://colres.sitelabweb.com https://habit11118.pcapredict.com https://sainsburys.ca.assist.247-inc.net https://services.postcodeanywhere.co.uk https://ajax.googleapis.com https://assets.pinterest.com https://bam.nr-data.net https://cdn.habitat.co.uk https://cdn.particularaudience.com https://cdn.syndication.twimg.com https://connect.facebook.net https://d1af033869koo7.cloudfront.net https://d2oh4tlt9mrke9.cloudfront.net https://ds-aksb-a.akamaihd.net https://googleads.g.doubleclick.net https://habitatblog.disqus.com https://js-agent.newrelic.com https://kiybdhzql-g.global.ssl.fastly.net https://log.pinterest.com https://maps.googleapis.com https://platform.twitter.com https://r1-t.trackedlink.net https://s.pinimg.com https://ssl.google-analytics.com https://static.trackedweb.net https://webinsight.s3.amazonaws.com https://widgets.pinterest.com https://wkxppshj-qx.global.ssl.fastly.net https://ws.sessioncam.com https://www.dwin1.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com 'self' https://www.ist-track.com; style-src 'unsafe-inline' 'self' https://plaform.twitter.com https://c.disquscdn.com https://display.ugc.bazaarvoice.com https://fonts.googleapis.com https://services.postcodeanywhere.co.uk https://cdn.habitat.co.uk; worker-src blob:; report-uri https://www.habitat.co.uk/csp-report 1
report-uri https://www.yelp.com/csp_report_only?id=a44f9f2d9b1ab7d7&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601006769; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src 'self'; child-src https://www.youtube-nocookie.com https://*.twitter.com; connect-src 'self' https://*.qmee.com https://*.qmree.com wss://*.qmee.com wss://*.qmree.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://api2.branch.io https://d3pkntwtp2ukl5.cloudfront.net/; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://d1s51etp8bktk6.cloudfront.net; frame-ancestors https://*.qmee.com; frame-src https://www.youtube-nocookie.com https://*.twitter.com https://*.facebook.com https://tpc.googlesyndication.com; img-src 'self' data: https://*.twimg.com https://*.twitter.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://www.gstatic.com https://d30s7yzk2az89n.cloudfront.net https://www.google.com https://www.google.co.uk https://translate.googleapis.com https://translate.google.com https://googleads.g.doubleclick.net https://i.ytimg.com https://d3t2iypqerjd0u.cloudfront.net https://d1s51etp8bktk6.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://platform.twitter.com https://cdn.syndication.twimg.com https://ajax.googleapis.com https://www.google-analytics.com https://js-agent.newrelic.com https://www.gstatic.com https://bam.nr-data.net https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://translate.googleapis.com https://tpc.googlesyndication.com https://cdn.branch.io https://app.link/ https://cdn.scripts.qmee.com https://d3t2iypqerjd0u.cloudfront.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.twitter.com https://www.gstatic.com https://translate.googleapis.com https://d3t2iypqerjd0u.cloudfront.net https://d1s51etp8bktk6.cloudfront.net; report-uri https://csp-report.qmee.com/csp_report_violations 1
default-src 'unsafe-eval' 'unsafe-inline' blob blob: data: https: wss:; block-all-mixed-content; report-uri /csp.php?h=f743080d&v=4 1
default-src 'none';img-src 'self' data: an.yandex.ru yastatic.net mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv  mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com  mc.webvisor.org;font-src 'self';child-src mc.yandex.ru;connect-src 'self' *.adfox.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org;frame-src 'self' mc.yandex.ru;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval' yastatic.net mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org 'unsafe-inline';report-uri https://csp.yandex.net/csp?from=adfox; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu https://app-script.monsido.com https://tracking.monsido.com https://code.jquery.com https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.yoshki.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu  https://app-script.monsido.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://cdn.yoshki.com *.google.com *.gstatic.com; object-src 'self'; img-src 'self' *.usercentrics.eu  *.monsido.com http://reedsmith.vuture.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.yoshki.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' *.usercentrics.eu;frame-ancestors 'self' *.usercentrics.eu  https://tracking.monsido.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; report-uri https://d347b8264a61d229bec175972d08ae24.report-uri.io/r/default/csp/enforce 1
report-uri https://www.yelp.com/csp_report_only?id=145aa6f86ba73949&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601001250; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
child-src 'self'; connect-src 'self' http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.hotjar.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amplitude.com https://*.cloudflare.com https://*.contentful.com https://*.delighted.com https://*.facebook.com https://*.fullstory.com https://*.g.doubleclick.net https://*.getsentry.com https://*.githubusercontent.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.herokuapp.com https://*.hotjar.com https://*.hotjar.com:12443 https://*.intercom.io https://*.intercomcdn.com https://*.lever.co https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.segment.io https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.wistia.com https://github.com https://heapanalytics.com https://sumo.com https://twitter.com ws://*.hotjar.com wss://*.appcues.net wss://*.hotjar.com wss://*.intercom.io; default-src 'self'; font-src 'self' chrome-extension: data: http://*.sqreen.io https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.gstatic.com https://*.intercomcdn.com https://*.sqreen.com https://*.sqreen.io https://*.twimg.com https://*.wistia.com https://github.com; frame-src 'self' 'unsafe-inline' http://*.appcues.com http://*.g.doubleclick.net http://*.hotjar.com https://*.akamaihd.net https://*.amazonaws.com https://*.appcues.com https://*.facebook.com https://*.g.doubleclick.net https://*.hotjar.com https://*.recurly.com https://*.sqreen.com https://*.twitter.com https://*.typeform.com https://*.wistia.com https://headway-widget.net ws://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.adnxs.com http://*.facebook.net http://*.g.doubleclick.net http://*.google-analytics.com http://*.google.com http://*.googleadservices.com http://*.googletagmanager.com http://*.prfct.co http://*.sqreen.io http://heapanalytics.com http://t.co https://*.addthis.com https://*.adnxs.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.b-cdn.net https://*.clearbit.com https://*.cloudfront.net https://*.ctfassets.net https://*.facebook.com https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ae https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.br https://*.google.com.mx https://*.google.com.ph https://*.google.com.sg https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.se https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.linkedin.com https://*.marinsm.com https://*.openx.net https://*.prfct.co https://*.reddit.com https://*.rubiconproject.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.twimg.com https://*.twitter.com https://*.univide.com https://*.wistia.com https://*.yahoo.com https://heapanalytics.com https://sqreen-assets.s3-eu-west-1.amazonaws.com https://sumo.com https://t.co https://twitter.com; manifest-src 'self' https://*.sqreen.com; media-src 'self' https://*.akamaihd.net https://*.cloudfront.net https://*.intercomcdn.com https://*.wistia.com; object-src 'self' https://*.akamaihd.net https://*.wistia.com; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.ads-twitter.com http://*.appcues.com http://*.facebook.net http://*.g.doubleclick.net http://*.getdrip.com http://*.google-analytics.com http://*.googleadservices.com http://*.googletagmanager.com http://*.heapanalytics.com http://*.hotjar.com http://*.perfectaudience.com http://*.prfct.co http://*.segment.com http://*.sqreen.io http://heapanalytics.com https://*.ads-twitter.com https://*.ads.linkedin.com https://*.akamaihd.net https://*.amazonaws.com https://*.amplitude.com https://*.appcues.com https://*.b-cdn.net https://*.bufferapp.com https://*.cloudflare.com https://*.cloudfront.net https://*.facebook.net https://*.fullstory.com https://*.g.doubleclick.net https://*.getdrip.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.headwayapp.co https://*.heapanalytics.com https://*.herokuapp.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.jquery.com https://*.licdn.com https://*.linkedin.com https://*.marketo.net https://*.perfectaudience.com https://*.pinterest.com https://*.prfct.co https://*.recurly.com https://*.reddit.com https://*.redditstatic.com https://*.segment.com https://*.sqreen.com https://*.sqreen.io https://*.sumo.com https://*.timekit.io https://*.twitter.com https://*.typeform.com https://*.wistia.com https://fullstory.com https://heapanalytics.com https://reddit.com https://twitter.com ws://*.hotjar.com wss://*.hotjar.com wss://*.intercom.io; style-src 'self' 'unsafe-inline' http://*.appcues.com http://*.sqreen.io http://heapanalytics.com https://*.amazonaws.com https://*.appcues.com https://*.b-cdn.net https://*.cloudflare.com https://*.cloudfront.net https://*.googleapis.com https://*.sqreen.com https://*.sqreen.io https://*.twitter.com https://heapanalytics.com; worker-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/f637ed5d-4ac6-441d-a0f5-04c3d7e976c4; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: secure-ds.serving-sys.com use.typekit.net tags.tiqcdn.com s.ytimg.com pc2-datacloud.tealiumiq.com www.youtube.com ajax.googleapis.com tag.demandbase.com polyfill.io bs.serving-sys.com maxcdn.bootstrapcdn.com h.online-metrix.net hooru.regence.com bam.nr-data.net js-agent.newrelic.com snap.licdn.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: maxcdn.bootstrapcdn.com; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: hooru.regence.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: maxcdn.bootstrapcdn.com use.typekit.net; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.typekit.net beonbrand.getbynder.com maxcdn.bootstrapcdn.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: api.company-target.com pc2-collect.tealiumiq.com www.cambiahealthplanapis.com bam.nr-data.net hooru.regence.com apis.cambiahealth.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: regence.secure.force.com hooru.regence.com h.online-metrix.net www.shop.regence.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: px.ads.linkedin.com www.facebook.com match.prod.bidr.io use.typekit.net hooru.regence.com beonbrand.getbynder.com segments.company-target.com pc2-datacloud.tealiumiq.com images.ctfassets.net; form-action  www.regence.com; report-uri /csp_report 1
frame-ancestors 'self'; report-uri https://qnhknc5np9.execute-api.us-east-1.amazonaws.com/prod/csp-report 1
report-uri https://www.yelp.com/csp_report_only?id=c46b9e779d85cc30&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601038596; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
report-uri https://www.yelp.com/csp_report_only?id=dca22639e3d8f715&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601016280; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src 'none'; img-src *; frame-src *; script-src 'strict-dynamic' 'nonce-rAnd0m123' 'unsafe-inline' http: https:; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'self'; report-uri https://www.tyan.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https:; report-uri /data/csp 1
report-uri https://www.yelp.com/csp_report_only?id=997d0a71d851d81a&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601042679; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
report-uri https://www.yelp.com/csp_report_only?id=ade31b1c2688cad3&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601043509; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src https: 'unsafe-inline' 'unsafe-eval' https://*.zopim.com wss://*.zopim.com https://*.zopim.io; img-src data: https:; font-src https:; report-uri /csp-report-uri; report-to csp-endpoint 1
report-uri https://www.yelp.com/csp_report_only?id=eb7bb1008ce16c41&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601011190; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src 'self' cas.avalon.perfdrive.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; frame-src 'self' blob: www.facebook.com connect.facebook.net www.google.com www.googletagmanager.com www.empruntis.com player.vimeo.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; img-src data: blob: www.google.com www.googletagmanager.com www.google.fr www.google-analytics.com stats.g.doubleclick.net www.facebook.com gl.hostcg.com api.mapbox.com static.intercomassets.com maps.googleapis.com maps.gstatic.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; child-src blob:; media-src *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; script-src 'unsafe-inline' 'unsafe-eval' polyfill.io www.google-analytics.com maps.googleapis.com www.gstatic.com www.google.com www.googletagmanager.com connect.facebook.net *.realytics.io cdn-eu.realytics.net gl.hostcg.com actorssl-5637.kxcdn.com js-agent.newrelic.com bam.nr-data.net *.perfdrive.com *.algolia.net *.algolianet.com widget.intercom.io js.intercomcdn.com d3js.org code.highcharts.com/highcharts.js *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; connect-src 'self' api.realytics.io m.realytics.io sentry.io *.mapbox.com tile.meilleursagents.com stats.g.doubleclick.net www.google-analytics.com bam.nr-data.net *.perfdrive.com statcache-5637.kxcdn.com www.facebook.com *.algolia.net *.algolianet.com api-iam.intercom.io *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; font-src 'self' fonts.gstatic.com js.intercomcdn.com *.meilleursagents.com *.meilleursagents.org *.meilleursagents.tech; worker-src blob:; report-uri /csp-report 1
default-src 'self' 'unsafe-inline' *.voxcinemas.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleapis.com *.jquery.com *.facebook.net *.facebook.com fburl.com *.crazyegg.com *.ads-twitter.com *.twitter.com t.co *.doubleclick.net *.criteo.net *.criteo.com *.sc-static.net *.snapchat.com *.youtube.com *.ytimg.com *.instagram.com *.cdninstagram.com *.gstatic.com *.placeholder.com xid.alzahia.ae xid.carrefournow.com xid.carrefouruae.com xid.citycentredeira.com xid.citycentremirdif.com xid.maffinance.com xid.majidalfuttaim.com xid.malloftheemirates.com xid.tilalalghaf.com xid.najm.ae xid.waterfrontcity.com *.voxcinemas.com; report-uri /security/csp 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' exeter.edu *.cincopa.com  www.google-analytics.com cdn.ckeditor.com www.google.com cse.google.com www.googleapis.com www.googletagmanager.com support.ebscohost.com ajax.googleapis.com maxcdn.bootstrapcdn.com bam.nr-data.net js-agent.newrelic.com code.jquery.com www.youtube.com s.ytimg.com platform.instagram.com static.tagboard.com platform.twitter.com cdn.syndication.twimg.com calendar.exeter.edu connect.facebook.net  siteimproveanalytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' exeter.edu *.cincopa.com cdn.ckeditor.com www.google.com platform.twitter.com; img-src 'self' data: *.cincopa.com cdn.ckeditor.com www.google.com cse.google.com www.google-analytics.com www.googleapis.com clients1.google.com syndication.twitter.com pbs.twimg.com www.facebook.com stats.g.doubleclick.net *.siteimprove.com; media-src 'self' ; frame-src www.google.com www.youtube.com player.vimeo.com *.exeter.edu cse.google.com www.googletagmanager.com www.instagram.com embeds.tagboard.com platform.twitter.com syndication.twitter.com youtube.com; font-src 'self' data: cincopa.com; connect-src 'self' *.cincopa.com www.google-analytics.com syndication.twitter.com; report-uri /report-csp-violation 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob:; report-uri /_resources/php/csp-report.php 1
default-src 'self'; script-src 'report-sample' 'self' platform.istagram.com cdn.mathjax.org platform.twitter.com cdn.syndication.twimg.com cdnjs.cloudflare.com connect.facebook.net www.googletagmanager.com www.google-analytics.com; sandbox allow-popups allow-scripts allow-same-origin allow-top-navigation allow-forms allow-modals allow-popups-to-escape-sandbox allow-presentation; img-src * data:; style-src * 'unsafe-inline'; font-src * data: about:; media-src *; frame-src * data:; report-uri https://peda.net/:reportcspviolation 1
frame-ancestors 'self'; frame-src 'self' a15928870500.cdn.optimizely.com d168ry9k9aor0i.cloudfront.net *.stripe.com *.sagepay.com *.bws.birst.com *.facebook.com *.pendo.io; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/reportOnly 1
report-uri https://www.yelp.com/csp_report_only?id=e1233c4138d91b16&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601000268; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' ospreypublishing.com *.googletagmanager.com *.hotjar.com www.google-analytics.com platform.twitter.com cdn.syndication.twimg.com *.facebook.net *.google.com www.gstatic.com *.cloudmaestro.com 1
font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.esu.edu https://*.meritpages.com;default-src  'self';connect-src 'self' https://*.hotjar.com https://*.hotjar.io https://*.libchat.com https://fonts.googleapis.com https://*.fontawesome.com https://www.google.com https://www.google-analytics.com/j/collect https://ems.admin.esu.edu/MasterCalendar/RSSFeeds.aspx https://quantum.esu.edu/ https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.google-analytics.com wss://*.hotjar.com;font-src 'self' data: https://*.fontawesome.com https://*.hotjar.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com;frame-src https://*.doubleclick.net https://*.facebook.com https://*.youvisit.com https://cse.google.com https://docs.google.com https://e.issuu.com https://esumediasite.passhe.edu https://insight.adsrvr.org https://match.adsrvr.org https://platform.twitter.com https://quantum.esu.edu/ https://syndication.twitter.com https://secure-ds.serving-sys.com https://tpc.googlesyndication.com https://widgets.pacollegetransfer.com https://vars.hotjar.com https://www.google.com/maps/ https://www.googletagmanager.com https://www.youtube.com https://w3.cdn.anvato.net;img-src 'self'  data: *;script-src 'strict-dynamic' 'self'  'nonce-dHVHbTh4MkxVaVZHSlA5bVkyMi8vZz09' 'sha256-SV0NVxJcDlP/fCfnDBlvuZ4GJIQm7FOBfj2voZ5WFQ4=' 'sha256-01Ye2pawPepoRQi0W3fGog5wluX/sO7LxR/iyLwrSs4=' 'sha256-9M3QWwW8rGylG4Ec/mXguiAxdQqT554rs1MuWBaEPo8=' 'sha256-7RpyAYatoSU+nzCphqsSO8XuGK94NDpPfctuU5nO5B4=' 'sha256-ubSZeVOR9WN7JesrXdbyma0DTjPVebDIzuBPcxLLZRM=' 'sha256-782D6t1Ttvw323BTi7sUAlFjKZjNnufiwQzJSi1NdTA=' https://*.hotjar.com https://api.flickr.com https://cdn.syndication.twimg.com/ https://connect.facebook.net https://fast.wistia.net https://googleads.g.doubleclick.net https://js.adsrvr.org https://kit.fontawesome.com https://platform.twitter.com https://quantum.esu.edu https://siteimproveanalytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://v2.libanswers.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youvisit.com;style-src 'self' 'unsafe-inline' https://cdn-images.mailchimp.com https://fonts.googleapis.com https://kit-pro.fontawesome.com/releases/latest/css/pro.min.css https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css https://platform.twitter.com/css/ https://quantum.esu.edu/instagram-feed-pro-standalone/instagram-feed/css/sb-instagram-standalone-3.1.min.css https://tagmanager.google.com https://ton.twimg.com https://www.google.com/cse/;report-uri https://w914pa7t.uriports.com/reports/report;	 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ws: wss *.vodafone.ie *.netlify.app maps.googleapis.com ajax.googleapis.com *.gstatic.com twitter.com www.facebook.com tags.tiqcdn.com www.parkingtag.ie www.gari.info www.apple.com hello.donedeal.ie xd.wayin.com www.w3.org youtu.be www.umlaut.com consumer.huawei.com www.itrs.ie play.google.com itunes.apple.com www.linkedin.com www.vodafone.com www.comreg.ie www.buygamecredit.com eshop.v.vodafone.com support.google.com www.vodafonexlevelup.com vodafonexlevelup.com img.youtube.com coveragemap.comreg.ie vodafonefaf.ie www.itrs.ie careers.vodafone.com www.youtube.com universaldesign.ie www.irma.ie www.dublinairport.com www.facebook.com v.vodafone.com www.hmdglobal.com wmstatic.global.ssl.fastly.net safeavenue.f-secure.com www.just-eat.ie www.samsung.com support.apple.com www.vodafone.com www.inhope.org get.adobe.com offers.vodafone.com headbomz.ie onenet.vodafone.com support.microsoft.com www.vodafonefaf.ie twitter.com www.samsung.com vodafone.irishrugby.ie staymobile.ie www.vodafonecashback.com www.sanebox.com www.hotline.ie www.cnn.com pixel-offers.co.uk vodafonefaf.ie www.hse.ie www.checkmend.com www.butlerschocolates.com www.microsoft.com www.onepagecrm.com www.zimperium.com track.anpost.ie live.vodafone.com www.huaweipromo.co.uk www.tradedoubler.com www.anpost.ie www.ec.europa.eu www.studiocoast.com.au www.dropbox.com vfie.speedtestcustom.com nvodafone.ie apps.apple.com www.vodafonefaf.ie www.apple.com samsung.com 20202.samsungpromotions.claims www.ispai.ie www.umlaut.com www.promotions.fairphone.com www.nokia.com 10.163.135.120 www.gov.ie servicechecker.comreg.ie personalbanking.bankofireland.com vodafone.canterbury.com help.yahoo.com www.dataprivacy.ie www.sky.com accessories-22.myshopify.com ie-mktg.vodafone.com kinsta.com www.vodafonecash.com www.samsungcashback.com futurejobsfinder.vodafone.com www.comreg.ie www.tclpromotions.com myeasypay.com ie.linkedin.com webgate.ec.europa.eu www.whydesign.ie www.tradedoubler.com www.butlerschocolates.com www.ethicalconsumer.org www.ispcc.ie edition.cnn.com staymobile.ie www.yourreadybusiness.co.uk www.hotline.ie money.cnn.com www.dataprotection.ie www.actiview.io www.operateremote.com windows.microsoft.com signup.paloaltonetworks.com www.mckinsey.com www.cisco.com get.adobe.com myeasypay.com tags.tiqcdn.com www.libertyhumanrights.org.uk www.phonesmart.ie www.5gruralfirst.org www.tclcom.com start.vodafone.com fiksukalasatama.fi www.pixelpod.ie vfglogin.vodafone.com www.mattgriffin.online www.winterready.ie omniturecom.112.2o7.net www.obrien.ie www.inhope.org www2.deloitte.com www.irishexaminer.com www.centralbank.ie www.thebuildingblock.ie www.irishtimes.com www.aboutcookies.org onedrive.live.com img.en25.com offers.vodafone.com itunes.apple.com www.samsungcashback.com servicechecker.comreg.ie www.kippy.eu www.siliconrepublic.com guce.yahoo.com ec.europa.eu gstatic.com www.anpost.com www.mozilla.org www.f-secure.com 46.22.130.115 www.netflix.com www.statustoday.com support.apple.com business.vodafone.com community.office365.com www.podtrackers.com www.dublinairport.com allaboutcookies.org www.patagonia.com asiam.ie www.fao.org www.checkmend.com bit.ly www.britannica.com www.portershed.com www.abodoo.com buffer.com www.spotify.com www.fieldfisher.com www.just-eat.ie trackimo.com www.promotions.fairphone.com www.un.org www.handsfreehectare.com www.firetrade.ie netgear.com www.sky.com vfsustreport.ie siro.ie www.ispcc.ie medium.com www.parentline.ie personalbanking.bankofireland.com www.huaweipromo.co.uk accounts-emea.f-secure.com www.telecomitalia.com  events.paloaltonetworks.com www.icloud.com vodafone.digitalmagazines.online www.iubenda.com promotions.fairphone.com fonts.googleapis.com portershed.com ad.doubleclick.net ajax.googleapis.com consent.yahoo.com www.anpost.com support.mozilla.org www.operateremote.com www.patagonia.com www.spotify.com firetrade.ie api.developer.vodafone.com whydesign.ie blog.statustoday.com www.googleadservices.com content.lon5.atomz.com www.dataprotection.ie www.obrien.ie www.ethicalconsumer.org www.handsfreehectare.com www.thebuildingblock.ie www.fonfix.ie www.netgear.com help.netflix.com www.instagram.com www.fonfix.com samsungcashback.com prd.offers.vodafone.com djeniwjzq77re.cloudfront.net display.engagesciences.com idgw.vodafone.com www.gruppotim.it portershed.com support.office.com promotions.fairphone.com operateremote.com partners.vodafone.com fls.doubleclick.net support.spotify.com start.vodafone.com www.google.com www.googleadservices.com fonts.googleapis.com ie-chat.ext.vodafone.com optanon.blob.core.windows.net geolocation.onetrust.com was.vodafone.ie connect.facebook.net *.hotjar.com vodafoneirl.tt.omtrdc.net gcpsmapi.vodafone.com nebula-cdn.kampyle.com udc-neb.kampyle.com s1525.t.eloqua.com dpm.demdex.net vodafoneirl.demdex.net cm.everesttech.net a1.adform.net s2.adform.net c1.adform.net privacyportal-eu.onetrust.com wa.vodafone.ie bpvx.vodafone.ie; 1
report-uri https://www.yelp.com/csp_report_only?id=e5ee1204aef23bd1&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601043921; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
report-uri https://www.yelp.com/csp_report_only?id=f3dca0f8e6eeca67&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601002219; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
img-src https://pp.vk.me https://special.astrobl.ru https://www.astrobl.ru https://*.yandex.ru https://*.astrakhan.ru stat.sputnik.ru *.rambler.ru; script-src 'unsafe-inline' 'unsafe-eval' https://special.astrobl.ru https://thj.astrakhan.ru https://www.astrobl.ru *.yandex.ru gosmonitor.ru *.rambler.ru stat.sputnik.ru; style-src 'unsafe-inline' https://special.astrobl.ru https://www.astrobl.ru; font-src https://special.astrobl.ru https://www.astrobl.ru; media-src https://www.youtube.com https://vk.com; 1
default-src 'self' www.youtube.com www.cut-e.net www.maptq.com fastpath.isvinternet.com op.scharley.ch; script-src 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self'; img-src data: https:;  style-src 'unsafe-inline' https:; media-src 'self' vidassess.blob.core.cloudapi.de vidassessprod.blob.core.cloudapi.de vidstorage.maptq.com; font-src data: https: 1
script-src 'self' 'unsafe-inline' 'nonce-RNMfxMjsKv9pgoZP8CqhDgQgAWOLDbJX' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://cdn.botframework.com 'strict-dynamic' nonce-RNMfxMjsKv9pgoZP8CqhDgQgAWOLDbJX; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://www.google-analytics.com http://*.vetsgov-internal https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content  ; form-action 'self' https://vicbdc.vba.va.gov https://feedback.digital-cloud-gov.voice.medallia.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ; 1
default-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'self' http: https: 'nonce-oPei1J6cY1sVmbHIL+ZgQZtv3vaMHiUA4yeCq8OAIlU='; connect-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://kirkanta.kirjastot.fi https://museot.fi http://map-api.finna.fi https://map-api.finna.fi https://analytics.finna.fi; font-src 'self' data:; base-uri 'self'; manifest-src 'self'; 1
report-uri https://www.yelp.com/csp_report_only?id=31e8529cd307cc3e&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601042618; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* wss://* data:;                                                report-uri https://homestay.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'blob' blob: http://blog-cms.weddingz.in https://code.getmdl.io https://assets.pinterest.com https://graph.facebook.com *.s3.amazonaws.com https://api.instagram.com https://api.pinterest.com https://connect.facebook.net *.cloudfront.net https://ds-aksb-a.akamaihd.net *.googleapis.com *.gstatic.com *.criteo.com *.criteo.net https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://m.weddingz.in https://media.weddingz.in https://js-agent.newrelic.com https://assets.oyoroomscdn.com https://maxcdn.bootstrapcdn.com https://weddingz.in https://www.youtube.com https://tagmanager.google.com *.instagram.com https://instagram; report-uri /private_apis/content-security-violation/ 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' acsbap.com api.swiftype.com www.googleadservices.com s.dca0.com api.braintreegateway.com www.paypalobjects.com s.pinimg.com static.hotjar.com script.hotjar.com js-agent.newrelic.com *.webscalenetworks.net cdn.attn.tv sn.dca0.com bam.nr-data.net cdn4.forter.com d.adroll.com script.crazyegg.com cdn.listrakbi.com s1.listrakbi.com rum-static.pingdom.net s.swiftypecdn.com amiclubwear.com *.amiclubwear.com use.fontawesome.com shareasale-analytics.com apis.google.com *.cloudmaestro.com *.lagrangesystems.net d.adroll.mgr.consensu.org s.adroll.com *.facebook.net *.facebook.com *.cloudfront.net www.googletagmanager.com www.google-analytics.com www.gstatic.com googleads.g.doubleclick.net bat.bing.com m1.listrakbi.com amiclubwear.happyfox.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
report-uri https://www.yelp.com/csp_report_only?id=1674c25d04d5311a&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601008361; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
report-uri https://www.yelp.com/csp_report_only?id=b9dcf516c6baea8b&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601010770; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.fotbollskanalen.se; report-uri https://csp-report.b17g.net/ 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.br&source%5Bsection%5D=brochure&source%5Buuid%5D=a3d2b051ad0f0babe25dbdcdc7e8d8bf 1
default-src 'self'; report-uri /admin/config/system/seckit/csp-report 1
frame-ancestors topface.com *.topface.com vk.com *.vk.com http://mail.ru http://*.mail.ru https://mail.ru https://*.mail.ru ok.ru *.ok.ru renren.com *.renren.com apps.facebook.com; report-uri /csp-report/; 1
child-src 'self'; connect-src 'self' https://*.amazonaws.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.intercom.io https://*.recurly.com https://grsm.io https://luxins.net https://t.co wss://*.intercom.io; default-src 'self'; font-src 'self' https://*.gstatic.com https://*.intercomcdn.com; frame-src 'self' https://*.fls.doubleclick.net https://*.google.com https://*.googletagmanager.com https://*.recurly.com https://calendly.com https://intercom-sheets.com; img-src 'self' https://*.ads.linkedin.com https://*.adsymptotic.com https://*.amazonaws.com https://*.cake.hr https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.al https://*.google.at https://*.google.be https://*.google.bg https://*.google.by https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.co.il https://*.google.co.in https://*.google.co.kr https://*.google.co.ma https://*.google.co.th https://*.google.co.uk https://*.google.co.za https://*.google.com https://*.google.com.au https://*.google.com.co https://*.google.com.ec https://*.google.com.eg https://*.google.com.hk https://*.google.com.mx https://*.google.com.na https://*.google.com.ng https://*.google.com.ph https://*.google.com.sg https://*.google.com.tr https://*.google.com.ua https://*.google.com.vn https://*.google.cz https://*.google.de https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.hr https://*.google.ie https://*.google.it https://*.google.je https://*.google.kz https://*.google.lt https://*.google.lv https://*.google.md https://*.google.mg https://*.google.nl https://*.google.no https://*.google.pl https://*.google.pt https://*.google.rs https://*.google.ru https://*.google.se https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.linkedin.com https://calendly.com https://heapanalytics.com https://t.co; manifest-src 'self'; media-src 'self' https://*.intercomcdn.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ads-twitter.com https://*.amazonaws.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.facebook.net https://*.g2crowd.com https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googletagmanager.com https://*.growsumo.com https://*.gstatic.com https://*.heapanalytics.com https://*.intercom.io https://*.intercomcdn.com https://*.licdn.com https://*.polyfill.io https://*.recaptcha.net https://*.recurly.com https://*.twitter.com https://calendly.com wss://*.intercom.io; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.recurly.com https://calendly.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_f1ac5da5f5994eed09328dd361e90afe 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fapp_listings&source%5Buuid%5D=441ae8b7d0b885460ad50b918cc518ec 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://netdna.bootstrapcdn.com https://optimize.google.com https://static.syukatsulabo.jp; img-src * blob: data: https://www.google-analytics.com https://optimize.google.com; font-src 'self' https://fonts.gstatic.com https://static.syukatsulabo.jp https://use.fontawesome.com https://netdna.bootstrapcdn.com https://s3-ap-northeast-1.amazonaws.com data: https://cdnjs.cloudflare.com; frame-src 'self' https://www.facebook.com https://staticxx.facebook.com https://www.googletagmanager.com https://web.facebook.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/ https://www.dmm.com/ https://optimize.google.com; connect-src 'self' https://log.syukatsulabo.jp https://www.google-analytics.com https://stats.g.doubleclick.net https://api.ipify.org https://s3-ap-northeast-1.amazonaws.com https://static.syukatsulabo.jp tag-api.dmm.com/v1.0 stg-tag-api.dmm.com/v1.0 https://trac.i3.dmm.com/ https://stg-trac-i3.dmm.com/ https://stg-trac.i3.syukatsulabo.jp; script-src 'report-sample' 'nonce-e/sfhvWPze9jvNTZ9iTjiafKYdM=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; report-uri https://syukatsunet.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://19bba7008ff399c64da2bc7f455a3431.report-uri.com/r/d/csp/reportOnly 1
report-uri https://www.yelp.com/csp_report_only?id=42182bfa7bacd1fb&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1600999051; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src 'self';                  frame-src 'self' lpcdn.lpsnmedia.net;                  frame-ancestors 'self';                  connect-src 'self' *.australiansuper.com;                  font-src 'self' 'unsafe-inline' data: *.azurewebsites.net *.australiansuper.com fonts.googleapis.com fonts.gstatic.com cloud.typography.com;                  img-src 'self' *.azurewebsites.net *.australiansuper.com www.google-analytics.com *.doubleclick.net www.google.com www.google.com.au;                  media-src 'self' data:;                  object-src 'none';                  script-src 'self' 'unsafe-inline' *.azurewebsites.net *.australiansuper.com www.googletagmanager.com www.google-analytics.com *.liveperson.net *.liveperson.com *.youtube.com s.ytimg.com accdn.lpsnmedia.net;                  style-src 'self' 'unsafe-inline' *.azurewebsites.net *.australiansuper.com fonts.googleapis.com cloud.typography.com; 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.mx&source%5Bsection%5D=brochure&source%5Buuid%5D=848fadeb8723a68482cf108537a5ddbc 1
default-src 'self' https://static.zdassets.com https://ekr.zdassets.com https://shulware.zendesk.com wss://shulware.zendesk.com wss://*.zopim.com; script-src 'self' 'unsafe-inline' https://static.zdassets.com https://ekr.zdassets.com https://shulware.zendesk.com *.google-analytics.com www.gstatic.com ajax.googleapis.com www.google.com www.googleadservices.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' ajax.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' https://v2assets.zopim.io https://static.zdassets.com data: https://ssl.google-analytics.com https://ajax.googleapis.com; frame-src www.youtube.com www.google.com; connect-src 'self'  https://ekr.zdassets.com https://shulware.zendesk.com wss://*.zopim.com; media-src 'self' https://static.zdassets.com; report-uri /callback/csp-report.php; 1
default-src *.pharm24.gr data:; frame-src *.googletagmanager.com *.dco.gr *.disqus.com *.linkwi.se *.adsrvr.org *.google.com *.googlesyndication.com *.agkn.com *.facebook.net *.facebook.com *.youtube.com *.cookiebot.com *.aimtell.com; img-src * data: *.pharm24.gr *.youtube.com *.facebook.com trustmark.gr; script-src 'self' *.pharm24.gr *.googleapis.com *.google.com *.cloudflareinsights.com *.cloudflare.com *.disquscdn.com *.shareaholic.com *.stackpathcdn.com *.cloudfront.net *.adsrvr.org *.instagram.com *.ampproject.org *.googlesyndication.com *.disqus.com *.cookiebot.com trustmark.gr *.agkn.com *.zdassets.com *.trustmark.gr *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.com connect.facebook.net *.facebook.net googleads.g.doubleclick.net *.doubleclick.net *.zopim.com *.linkwi.se s3.amazonaws.com *.amazonaws.com *.aimtell.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.pharm24.gr *.bootstrapcdn.com 'unsafe-inline'; worker-src 'self' *.aimtell.com; font-src 'self' *.stats.pharm24.gr *.pharm24.gr *.gstatic.com *.bootstrapcdn.com *.stackpathcdn.com *.zopim.com data:; connect-src *.googlesyndication.com *.trustmark.gr *.ampproject.org *.google.com *.google.gr *.disqus.com *.shareaholic.net backup.pharm24.gr:* *.pharm24.gr *.doubleclick.net *.google-analytics.com *.agkn.com *.zdassets.com  *.amazonaws.com *.facebook.com *.aimtell.com wss://widget-mediator.zopim.com; report-uri https://g0rhndej.uriports.com/reports/report 1
default-src 'self' 'unsafe-inline' data: blob: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.googleapis.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com *.facebook.com *.facebook.net *.youtube.com yout.be *.ytimg.com player.vimeo.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com secure.gravatar.com; worker-src 'self'; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
default-src https: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; frame-ancestors 'self'; base-uri https: data:;  object-src 'self'; font-src https: data:; script-src 'nonce-848ae9f3-d97c-4231-a55b-a2e551a8e382' https: 'unsafe-inline' 'unsafe-eval'; report-uri https://ort.wellsfargo.com/reporting/csp 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' ws: *.nexiuslearning.com *.google-analytics.com *.etitan.hu *.googletagmanager.com *.googleapis.com *.gstatic.com  *.google.com *.bootstrapcdn.com *.extremenet.hu stats.g.doubleclick.net www.youtube-nocookie.com; report-uri https://etitancsp.azurewebsites.net/api/eTitanCSP; 1
default-src 'none'; base-uri 'none'; worker-src 'none'; manifest-src 'none'; media-src 'none'; object-src 'self'; frame-ancestors 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-src 'self' https://captcha.riigiteataja.ee; img-src 'self' https://ssl.google-analytics.com; script-src 'self' https://ssl.google-analytics.com; style-src 'self'; report-uri /csp; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.fenwick.com https://polyfill.io https://*.trustarc.com https://*.googletagmanager.com http://*.googletagmanager.com https://*.vidyard.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://*.tableau.com https://*.marketo.com https://*.marketo.net https://*.facebook.com https://*.google-analytics.com https://connect.facebook.net https://static.ads-twitter.com https://snap.licdn.com https://siteimproveanalytics.com https://cdns.gigya.com https://*.linkedin.com; img-src 'self' data: https://*.fenwick.com https://*.trustarc.com https://d1eksjbjozyyuf.cloudfront.net https://d371187ayxlni9.cloudfront.net https://*.vidyard.com https://*.twimg.com https://*.twitter.com https://*.siteimproveanalytics.io https://*.linkedin.com https://t.co https://*.facebook.com https://*.facebook.net https://p.adsymptotic.com https://*.google-analytics.com https://*.googletagmanager.com http://*.googletagmanager.com https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://*.fenwick.com https://*.twitter.com https://*.twimg.com https://*.gstatic.com https://*.ytimg.com https://connect.facebook.net; font-src 'self' data: https://*.fenwick.com https://*.slidesharecdn.com https://*.gstatic.com; object-src 'self' https://*.fenwick.com; child-src 'self' https://*.fenwick.com; frame-src 'self' https://*.fenwick.com https://*.vidyard.com https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.tableau.com https://fenwick-postalice.tenrec.com https://*.slideshare.net https://*.gigya.com https://*.facebook.com https://*.trustarc.com; connect-src 'self' https://*.fenwick.com https://*.algolia.net https://*.algolianet.com https://*.craftcms.com https://*.google-analytics.com https://*.mktoresp.com https://*.linkedin.com https://*.facebook.com https://*.mktoutil.net https://*.mktoutil.com; report-uri https://a44cafc111449d022be8860ffeb9f4e2.report-uri.com/r/d/csp/wizard 1
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' data: https:; img-src 'self' blob: data: https: http:; media-src 'self' https:; worker-src 'self' https://zenkit.com https://*.zenkit.com; frame-src https: blob:; frame-ancestors https:; connect-src 'self' https: wss:; object-src 'self' https://djtflbt20bdde.cloudfront.net; manifest-src 'none'; base-uri 'self'; form-action 'self' https:; report-uri /csp-report 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com/; font-src 'self' data: https://fonts.gstatic.com/; img-src 'self' data: https://www.google-analytics.com/; media-src 'self' https://projectlombok.org/; script-src 'self' 'sha256-H639OXZXKP0j2o4p/B40Znp/sDbQKrAYH8hMr+jDUEg=' https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; block-all-mixed-content; frame-ancestors 'none'; form-action 'self'; report-uri https://projectlombok.report-uri.com/r/d/csp/reportOnly 1
font-src 'self' fonts.gstatic.com script.hotjar.com; img-src 'self' maps.googleapis.com maps.gstatic.com www.facebook.com data script.hotjar.com ssl.google-analytics.com stats.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' connect.facebook.net dl.episerver.net maps.googleapis.com player.vimeo.com s.ytimg.com www.youtube.com s7.addthis.com az416426.vo.msecnd.net ssl.google-analytics.com static.hotjar.com v1.addthis.com v1.addthisedge.com www.googletagmanager.com px.ads.linkedin.com script.hotjar.com snap.licdn.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com addtocalendar.com; connect-src 'self' s7.addthis.com v1.addthis.com vc.hotjar.io www.facebook.com in.hotjar.com; style-src-attr 'unsafe-inline';report-uri https://6cfee9ad2f0a0f5886b889b97f0c1e3e.report-uri.com/r/d/csp/wizard 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com polyfill.io https://wurfl.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net https://wurfl.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://maxcdn.bootstrapcdn.com 'self' data:  https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.iglobalstores.com/ https://v2.zopim.com/ 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' https://www.full30.com https://s7.addthis.com https://player.vimeo.com https://www.google.com https://widget-prime.rafflecopter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://bat.bing.com https://track.hubspot.com https://stats.g.doubleclick.net https://sca1.listrakbi.com store.paradoxlabs.com 'self' https://mediacdn.espssl.com https://www.xtento.com/media/images/ https://*.listrakbi.com https://www.google.com https://www.google.com.ua https://store.paradoxlabs.com https://cdn.klarna.com https://tracking.avantlink.com https://bam.nr-data.net https://www.googletagmanager.com https://v2.zopim.com data: https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://s1.listrakbi.com https://at1.listrakbi.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://cdn.listrakbi.com https://www.googletagmanager.com https://bat.bing.com https://f.vimeocdn.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.avmws.com https://m1.listrakbi.com https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://jstest.authorize.net https://*.addthis.com https://v1.addthisedge.com https://z.moatads.com https://ssl.avmws.com https://bat.bing.com/bat.js https://js-agent.newrelic.com https://bam.nr-data.net https://player.vimeo.com https://widget-prime.rafflecopter.com https://js.hs-banner.com/ https://v2.zopim.com https://static.zdassets.com https://widget-mediator.zopim.com/ https://js.authorize.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://maxcdn.bootstrapcdn.com https://cdn.listrakbi.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google-analytics.com https://apitest.authorize.net https://api2.authorize.net https://js.authorize.net https://jstest.authorize.net js.authorize.net jstest.authorize.net 'self' https://api2.authorize.net/ https://m.addthis.com https://bat.bing.com https://bam.nr-data.net/ https://bat.bing.com/ https://ekr.zdassets.com/ https://stats.g.double.analytics.js https://assets.iglobalstores.com/ wss://widget-mediator.zopim.com/ https://*.listrak.com/ https://*.listrakbi.com/ https://stats.g.doubleclick.net/ 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests ; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://464b711251f54c909b7a68dbb569ad3b.myssl-uri.com/api/csp-report 1
default-src 'self' https:; img-src 'self' https: assets.braintreegateway.com checkout.paypal.com bam.nr-data.net staging.shirtspace.com data:; font-src 'self' *.typekit.net d2tic578h94r8u.cloudfront.net *.gstatic.com *.googleapis.com data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net *.googlecommerce.com *.newrelic.com bam.nr-data.net *.braintreegateway.com www.paypalobjects.com c.paypal.com widget.trustpilot.com connect.facebook.net graph.facebook.com bat.bing.com s.yimg.com sp.analytics.yahoo.com *.addthis.com m.addthisedge.com *.pinterest.com device.maxmind.com *.typekit.net cdn.jsdelivr.net *.honeybadger.io *.inspectlet.com *.freshchat.com *.ckeditor.com d2tic578h94r8u.cloudfront.net 'nonce-/6azYWC7msI5Otyxessa0g=='; style-src 'self' d2tic578h94r8u.cloudfront.net *.googleapis.com *.typekit.net *.freshchat.com *.ckeditor.com 'unsafe-inline'; child-src 'self' assets.braintreegateway.com c.paypal.com; frame-src 'self' assets.braintreegateway.com *.paypal.com widget.trustpilot.com www.facebook.com *.g.doubleclick.net *.google.com *.googletagmanager.com s7.addthis.com assets.pinterest.com www.youtube.com *.freshchat.com player.vimeo.com; connect-src 'self' *.braintreegateway.com 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.braintree-api.com checkout.paypal.com *.pinterest.com *.mmapiws.com widget.trustpilot.com *.typekit.net m.addthis.com *.honeybadger.io www.facebook.com *.inspectlet.com s.yimg.com http://localhost:3035 ws://localhost:3035 wss://ws.inspectlet.com/ d2tic578h94r8u.cloudfront.net strict-dynamic; report-uri /csp_reports 1
default-src 'self'; style-src 'self'; script-src 'self' https://cdn.segment.com; img-src 'self' https://drift-prod-file-uploads.s3.amazonaws.com  https://driftt.imgix.net; font-src 'self'; report-uri https://drift.report-uri.com/r/d/csp/wizard 1
default-src 'self' wss://ws.salecycle.com;script-src 'unsafe-inline' 'unsafe-eval' blob: data: gap: *;style-src 'unsafe-inline' blob: data: gap: *;font-src 'self' data: https:; img-src 'self' data: https:; connect-src *; frame-src *; object-src *; frame-ancestors 'self' *.ariba.com; report-uri /reporting/csp-report 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net 'unsafe-inline'; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com; frame-src https://www.youtube.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://d1zgo1sldfmewy.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=139-8271795-5398540:rid=8F88083518094BE2BD74:sn=www.amazongames.com 1
default-src  https: http:            data:               wss://*.forter.com           'unsafe-inline' 'unsafe-eval';        connect-src  https: http:            wss://*.forter.com;        frame-ancestors 'self'            https: http:           *.czs.org             172.21.2.30            www.chasepaymentechhostedpay.com       object-src  'self';       img-src   'unsafe-eval' 'unsafe-inline'            data:           blob:           *;       font-src  'self'           data: https: http:           *.typekit.net;       script-src  'unsafe-eval' 'unsafe-inline'            blob:           data:           https: http:           'self'              emarketing.activenetwork.com             d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com              d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com              d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com               kpstat.forter.com:7043               www.google.com              maps.google.com              maps.googleapis.com               ssl.google-analytics.com               www.google-analytics.com               www.gstatic.com                embed.idonate.com               use.typekit.net                               cdn-js.net                cdnjs.cloudflare.com             d35u1vg1q28b3w.cloudfront.net             partners.cmptch.com               static.cmptch.com                         scriptcdn.net                             auctioneer.50million.club                 m.addthis.com                s7.addthis.com                 m.addthisedge.com             lkysearchex3688-a.akamaihd.net                analyticspage.tools                apiurl.org                appsource.cool                countmake.cool                fp166.digitaloptout.com                eluxer.net                mirextpro.com                 z.moatads.com               secure.myshopcouponmac.com                payperclickadz.com               cdn.pmqzads.com                qdatasales.com            widget-prime.rafflecopter.com                srvvtrk.com               pwm-image.trendmicro.com              gateway.zscloud.net;       style-src  'unsafe-eval' 'unsafe-inline'            'self'                accessibility-bookmarklets.org                 emarketing.activenetwork.com                      cdnjs.cloudflare.com               use.fontawesome.com                fonts.googleapis.com                hello.myfonts.net               pwm-image.trendmicro.com;       report-uri   https://bzcsp.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data: https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://cts.communicationads.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://*.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de; script-src 'strict-dynamic' 'nonce-f217701fb796e49755b6953fdab27951' 'nonce-deac592745c9564bbf74ad918bfb7052' 'nonce-77ec32ae5d9537db820eb0bf65311b59' 'nonce-79a5b01e9c3544e5231a4e4b8928ec84' 'nonce-ea3ba6373f170b6aec790d78489e49e1' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://connect.facebook.net https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de https://*.demdex.net https://pts.winsim.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com https://*.demdex.net; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-f217701fb796e49755b6953fdab27951' 'nonce-deac592745c9564bbf74ad918bfb7052' 'nonce-77ec32ae5d9537db820eb0bf65311b59' 'nonce-79a5b01e9c3544e5231a4e4b8928ec84' 'nonce-ea3ba6373f170b6aec790d78489e49e1' 'self' https: 'report-sample' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.hk&source%5Bsection%5D=brochure&source%5Buuid%5D=d2c7f22850ca198d5bf9ac15ed6cde44 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' a.omappapi.com *.youtube.com *.omappapi.com analytics.twitter.com s.ytimg.com ajax.googleapis.com fast.fonts.net a.opmnstr.com ajax.googleapis.com cdnjs.cloudflare.com connect.facebook.net s.ytimg.com snap.licdn.com static.ads-twitter.com www.google-analytics.com www.googletagmanager.com www.youtube.com cdnjs.cloudflare.com; style-src 'unsafe-inline' 'self' fast.fonts.net https://fast.fonts.net https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.ucweb.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com *.omappapi.com https://aspen-ideas-festival-staging-latest.s3.us-east-2.amazonaws.com; font-src 'self' data: *.fonts.net fast.fonts.net fonts.gstatic.com; frame-src 'self' *.googletagmanager.com www.facebook.com www.youtube.com; img-src 'self' blob: data: *.google.com www.gstatic.com *.omappapi.com https://p.adsymptotic.com https://www.linkedin.com https://t.co https://aspenideasestivalstaging.imgix.net https://aspenideasfestival.imgix.net *.ytimg.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://aspen-ideas-festival-production.s3.us-east-2.amazonaws.com https://aspen-ideas-festival-staging-latest.s3.us-east-2.amazonaws.com http://audio.simplecast.com https://audio.simplecast.com https://cdn.simplecast.com; report-uri https://o272706.ingest.sentry.io/api/5423593/security/?sentry_key=e6c73e6c8d3e4adcada43a9ef065de83; worker-src 'none'; 1
default-src 'self' cityofhenderson.com test.cityofhenderson.com www.cityofhenderson.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cityofhenderson.com test.cityofhenderson.com www.cityofhenderson.com translate.google.com www.google-analytics.com www.livehelpnow.net ajax.googleapis.com translate.googleapis.com maps.googleapis.com; img-src 'self' cityofhenderson.com test.cityofhenderson.com www.cityofhenderson.com www.google-analytics.com *.gstatic.com translate.googleapis.com www.google.com www.livehelpnow.net; style-src 'self' 'unsafe-inline' cityofhenderson.com test.cityofhenderson.com www.cityofhenderson.com fonts.googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com ajax.googleapis.com; font-src 'self' cityofhenderson.com test.cityofhenderson.com www.cityofhenderson.com fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-src www.youtube.com; form-action 'self' cityofhenderson.com test.cityofhenderson.com www.cityofhenderson.com *.list-manage.com; report-uri https://coh.report-uri.io/r/default/csp/reportOnly 1
font-src data: *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.bazaarvoice.com *.worldpay.com *.nosto.com *.consensu.org *.ometria.com *.demdex.net *.youtube.com *.sitescout.com *.doubleclick.net *.pixel.ad *.veinteractive.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.bazaarvoice.com *.nosto.com apps.bumpyardpro.com data: images.unsplash.com source.unsplash.com *.ryman.co.uk *.robertdyas.co.uk *.gardencentre.co.uk *.brsrvr.com cm.everesttech.net amcglobal.sc.omtrdc.net *.behance.net www.googletagmanager.com *.ometria.com *.gstatic.com *.googleapis.com *.demdex.net *.awin1.com *.zenaps.com *.doubleclick.net *.sitescout.com *.google.com *.pixel.ad assets.robertdyas-static.co.uk 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.bazaarvoice.com *.iesnare.com *.nosto.com *.consensu.org apps.bumpyardpro.com www.googletagmanager.com *.brsrvr.com www.google.com *.cnetcontent.com *.worldpay.com *.ometria.com *.gstatic.com *.googleapis.com *.serving-sys.com *.doubleclick.net *.flx1.com *.veinteractive.com *.dwin1.com *.criteo.com static.cloudflareinsights.com *.criteo.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.bazaarvoice.com *.cnetcontent.com apps.bumpyardpro.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src apps.bumpyardpro.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.bazaarvoice.com *.nosto.com *.consensu.org *.dxpapi.com api.edq.com amcglobal.sc.omtrdc.net *.ometria.com *.demdex.net *.serving-sys.com *.veinteractive.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data: https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://cts.communicationads.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://*.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de; script-src 'strict-dynamic' 'nonce-89f8b99585e8bae99b0476788ad99497' 'nonce-13cdb0e852691be76c94823a3c061cc4' 'nonce-23ccf493fa52438d1cb6426ed31d61b7' 'nonce-2da7d41223bdb1a2a9e6a36d93096e00' 'nonce-fd898cc37811a214be2c0f3ba65a8dff' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://connect.facebook.net https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de https://*.demdex.net https://pts.premiumsim.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com https://*.demdex.net; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-89f8b99585e8bae99b0476788ad99497' 'nonce-13cdb0e852691be76c94823a3c061cc4' 'nonce-23ccf493fa52438d1cb6426ed31d61b7' 'nonce-2da7d41223bdb1a2a9e6a36d93096e00' 'nonce-fd898cc37811a214be2c0f3ba65a8dff' 'self' https: 'report-sample' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.au&source%5Bsection%5D=brochure&source%5Buuid%5D=a7f82b5a6fd308f428795b7d0917de69 1
font-src *.authorize.net *.klevu.com fonts.gstatic.com *.googletagmanager.com *.pinterest.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.authorize.net *.klevu.com *.googletagmanager.com *.pinterest.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.addthis.com *.paypal.com *.google.com *.klevu.com *.googletagmanager.com *.youtube.com *.pinterest.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.paypal.com *.magentocommerce.com *.ytimg.com *.klevu.com *.googleadservices.com certify.alexametrics.com *.googletagmanager.com *.gunbuyer.com *.pinterest.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.authorize.net *.klevu.com *.googletagmanager.com certify-js.alexametrics.com chimpstatic.com *.google.com *.addthis.com *.gstatic.com z.moatads.com *.addthisedge.com graph.facebook.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.authorize.net *.klevu.com fonts.googleapis.com *.googletagmanager.com *.pinterest.com data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.authorize.net *.klevu.com *.googletagmanager.com *.pinterest.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'none'; base-uri 'none'; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://api-adresse.data.gouv.fr; img-src https: data:; frame-src https:; form-action 'self' https://harpe.grenoble.fr; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /include/csp.php 1
font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://pal-test.adyen.com https://pal-live.adyen.com https://test.adyen.com https://live.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://www.youtube.com https://www.google.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://pal-live.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://widget.zoorate.com https://www.feedaty.com https://assets.livestory.io https://stats.g.doubleclick.net https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://maps.gstatic.com https://mediacdn.livestory.io https://www.facebook.com https://www.googletagmanager.com *.google.com *.google.it *.cdninstagram.com *.fna.fbcdn.net data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://assets.livestory.io https://widget.zoorate.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://checkoutshopper-live.adyen.com https://www.googletagmanager.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://payments-eu.amazon.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://widget.zoorate.com https://assets.livestory.io https://ai.feedaty.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://assets.livestory.io https://api.livestory.io https://ai.feedaty.com https://bam.nr-data.net https://stats.g.doubleclick.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  *.cloudmaestro.com global.prd.borderfree.com tpc.googlesyndication.com www.jamesperse.com static.jamesperse.com *.turn.com *.appspot.com server.iad.liveperson.net connect.facebook.net ajax.googleapis.com www.googletagmanager.com bat.bing.com ut.rd.linksynergy.com *.listrakbi.com tag.rmp.rakuten.com lptag.liveperson.net www.google-analytics.com raw.githubusercontent.com *.yimg.com *.akamaized.net *.coremetrics.com ut.ra.linksynergy.com resources.xg4ken.com services.listrak.com sp.analytics.yahoo.com lptag.liveperson.net *.lpsnmedia.net va.v.liveperson.net va-s.c.liveperson.net js-agent.newrelic.com *.adroll.com bam.nr-data.net assets.pinterest.com tags.mediaforge.com d.adroll.mgr.consensu.org intljs.rmtag.com suggest.instantsearchplus.com wm.prd.borderfree.com www.google.com www.googleadservices.com services.xg4ken.com 113.xg4ken.com 1
script-src 'nonce-Wu0CtB3tJ5sc61gmanawPA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
report-uri https://www.yelp.com/csp_report_only?id=a67516c406dcf7fc&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1600999152; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
report-uri https://logs-01.loggly.com/inputs/4e92d8a9-baa6-4559-82e2-05428d10fa7b/tag/csp; report-to default 1
default-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn.jsdelivr.net https://code.jquery.com https://cdn.datatables.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://mkto-chatbot-svc.s3.amazonaws.com https://app-ab27.marketo.com https://go.globallogic.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://connect.facebook.net https://snap.licdn.com https://js.intercomcdn.com https://widget.intercom.io https://js-agent.newrelic.com https://bam.nr-data.net; worker-src blob:; img-src 'self' data: blob: https:; connect-src 'self' https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; object-src 'none'; font-src 'self' data: https://candyfonts.com https://fonts.gstatic.com https://js.intercomcdn.com; media-src 'self' data:; report-uri https://gerritua.report-uri.com/r/d/csp/reportOnly 1
script-src 'nonce-bO5BgYyuY3Ynp_G-jtJVzg' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-578dea3f9fc64292a89719835cf466c5' 'sha384-7uqQfGVKWAthYOKjE4CToVZDjNGO+rxLDL5sFo1HUI3u+vwLmAinEM0/LcURoj1h' 'sha256-spTpc4lvj4dOkKjrGokIrHkJgNA0xMS98Pw9N7ir9oI=' 'sha384-4FS9nLDjKOPIgz/SgGvZV4C8RHHRyRP1Fb6ZW/XH/o8PFaviPmgzLc6kOS2GQ87x' 'sha384-3vojR0D/VZNPM9rutbkAQlVZeDVrc50TkyBVfVpqoZzVQpWA65x5mQXOij0vt2Cu' 'sha384-VI5+XuguQ/l3kUhh4knz7Hxptx47wpQbVRDnp8v7Vvuhzwn1PEYb/uvtH6KLxv6d' 'report-sample'; object-src 'none'; base-uri 'self'; connect-src https://doordash.com https://analytics.google.com https://api.amplitude.com https://ct.pinterest.com https://p.tvpixel.com https://api.segment.io https://bat.bing.com https://www.facebook.com https://sentry.io https://bam.nr-data.net https://page-service-qa.doordash.com https://page-service.doordash.com https://cdn.doordash.com https://tn.alphonso.tv https://s3-design-language-system.cdn4dd.com https://logx.optimizely.com https://*.optimizely.com https://www.google-analytics.com https://www.doordash.com https://stats.g.doubleclick.net https://www.google-analytics.com https://order.online https://*.order.online https://preview.trycaviar.com https://staging.trycaviar.com https://qa.trycaviar.com/ https://www.trycaviar.com https://trycaviar.com https://www.google.com https://client-analytics.braintreegateway.com https://api.braintreegateway.com https://payments.braintree-api.com https://wwww.google.ca https://wwww.google.com.au https://api.doordash.com https://api-consumer-client.doordash.com https://www.paypal.com; frame-ancestors 'self'; report-uri https://sentry.io/api/5175049/security/?sentry_key=c269bf7b8bc44929b43bbb29e11cece5&sentry_environment=prod; worker-src 'none' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.everplans.com js-agent.newrelic.com bam.nr-data.net pi.pardot.com a248.e.akamai.net downloads.mailchimp.com mc.us7.list-manage.com *.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.googleadservices.com *.g.doubleclick.net use.typekit.net *.livechatinc.com *.addthis.com v1.addthisedge.com *.twitter.com connect.facebook.net cdn.embedly.com px.ads.linkedin.com fast.wistia.com onlinedialogue.s3.amazonaws.com snap.licdn.com try.abtasty.com; object-src 'self'; style-src 'self' 'unsafe-inline' downloads.mailchimp.com fonts.googleapis.com netdna.bootstrapcdn.com; img-src 'self' data: *.everplans.com p.typekit.net ping.chartbeat.net secure.livechatinc.com www.google.com www.googletagmanager.com stats.g.doubleclick.net i.imgur.com v1.addthis.com t.co www.facebook.com storage.pardot.com fast.wistia.com embedwistia-a.akamaihd.net; media-src 'self' blob: data: cdn.livechatinc.com embedwistia-a.akamaihd.net; frame-src 'self' *.everplans.com secure.livechatinc.com go.pardot.com *.addthis.com player.vimeo.com www.youtube.com bid.g.doubleclick.net fast.wistia.com; frame-ancestors 'self'; child-src 'self' *.everplans.com s7.addthis.com player.vimeo.com www.youtube.com bid.g.doubleclick.net fast.wistia.com; font-src 'self' data: fonts.gstatic.com use.typekit.net netdna.bootstrapcdn.com; connect-src 'self' data: *.everplans.com stats.g.doubleclick.net v1.addthis.com *.wistia.com embedwistia-a.akamaihd.net *.abtasty.com; report-uri https://everplans.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'  data: *.tnb.com *.scene7.com abbcloud.blob.core.windows.net *.abb.com *.adobedtm.com *.widencdn.net *.googleapis.com *.gstatic.com *.macromedia.com *.partcommunity.com *.tnb.ca *.vanlien.com *.vanlien.be *.vanlien.nl *.youtube.com *.paypal.com tnblnx3.tnb.com code.jquery.com googleads.g.doubleclick.net *.googleadservices.com 4817075.fls.doubleclick.net *.google.com *.google.nl *.google.be *.google-analytics.com *.api4load.com *.facebook.net *.facebook.com *.fedex.com *.ups.com *.rlcarriers.com *.cl3ver.com 199.120.203.191; report-uri https://www-public.tnb.com/cspr/ 1
default-src 'self' *.plugin-alliance.com;    script-src 'self' analytics.twitter.com cdnjs.cloudflare.com connect.facebook.net platform.twitter.com proxy-assets.churnbuster.io s.ytimg.com static.ads-twitter.com/uwt.js trackcmp.net www.google-analytics.com www.youtube.com 'unsafe-inline';    style-src 'self' cdnjs.cloudflare.com proxy-assets.churnbuster.io 'unsafe-inline';    img-src 'self' *.plugin-alliance.com analytics.twitter.com data: d26781mews02ac.cloudfront.net i.ytimg.com img.youtube.com stats.g.doubleclick.net t.co www.facebook.com www.google.de www.google-analytics.com yt3.ggpht.com;    font-src 'self' cdnjs.cloudflare.com;    connect-src 'self' stats.g.doubleclick.net www.google-analytics.com;    frame-src 'self' d271ulnm1ao6ig.cloudfront.net embed.pivotshare.com pages.churnbuster.io staticxx.facebook.com w.soundcloud.com www.facebook.com www.youtube.com;    form-action 'self' plugin-alliance.us3.list-manage.com www.facebook.com/tr/;    block-all-mixed-content;    report-uri https://pluginalliance.report-uri.com/r/d/csp/wizard 1
default-src https:;script-src https: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-inline';img-src https: data: blob:;font-src https: data:;connect-src 'self' https: blob:;report-uri /csp-report 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.cmore.se https://*.cmore.dk https://*.cmore.no; report-uri https://csp-report.b17g.net/ 1
media-src 'self' *.wistia.com *.identifix.com blob:; font-src 'self' www.identifix.com fonts.gstatic.com use.fontawesome.com data:; img-src 'self' *.doubleclick.net *.adsymptotic.com *.identifix.com *.facebook.com *.linkedin.com *.google-analytics.com *.google.com *.wistia.com www.paypalobjects.com b.6sc.co data:; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.za&source%5Bsection%5D=brochure&source%5Buuid%5D=b2f5f3de8048e21c71b001c3b3c7579d 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://blogun.report-uri.io/r/default/csp/reportOnly 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.sportico.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.google-analytics.com *.googleapis.com; script-src 'self' 'unsafe-inline' *.google-analytics.com *.googleapis.com *.googletagmanager.com *.cloudflare.com *.addthis.com *.addthisedge.com *.linkedin.com *.twitter.com; style-src 'self' 'unsafe-inline' *.googleapis.com; frame-ancestors 'self'; frame-src 'self' *.addthis.com *.addthisedge.com *.linkedin.com *.twitter.com; img-src 'self' *.google-analytics.com *.doubleclick.net *.linkedin.com *.twitter.com; font-src 'self' *.gstatic.com; connect-src 'self' *.google-analytics.com *.addthis.com *.addthisedge.com; report-uri; 1
report-uri https://sentry.io/api/221673/security/?sentry_key=3afaff7eee7146358bf291fdd649cba7 1
script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1
report-uri https://www.childcare.co.uk/app/csp-reports; default-src blob: data: https: 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.ampproject.org https://cdnjs.cloudflare.com https://code.jquery.com https://js.recurly.com https://www.gstatic.com https://ajax.googleapis.com https://oss.maxcdn.com https://connect.facebook.net https://d1l6p2sc9645hc.cloudfront.net https://*.gosquared.com https://*.childcare.co.uk https://*.trustpilot.com https://*.doubleclick.net https://cdn.ckeditor.com https://appleid.cdn-apple.com https://*.totum.com https://bat.bing.com https://www.google.com https://cdn.jsdelivr.net 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.es&source%5Bsection%5D=brochure&source%5Buuid%5D=c0c11174ceec9bf783260bbcf11b7c5b 1
default-src data: 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; media-src blob: https:; img-src https: data:; font-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; report-uri /corp_includes/report_only.php 1
default-src https:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
base-uri 'none'; script-src 'unsafe-eval' 'unsafe-inline' data: blob: http: https:; object-src 'none'; report-uri https://sentry.itgalaxy.company/api/85/csp-report/?sentry_key=1fbf25e90f114a3d83a19aa4fa432dcf 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com gulahmedshop.com *.gulahmedshop.com *.cloudfront.net z.moatads.com www.googletagmanager.com www.google-analytics.com connect.facebook.net cdn.oribi.io www.googleadservices.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.2checkout.com js.stripe.com v1.addthisedge.com 1
default-src https: 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://policy.app.cookieinformation.com https://dawa.aws.dk https://applet.danid.dk https://uk.personalcard.net https://dmcqaqmkk1tj3.cloudfront.net https://customer.cludo.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://zone-1.cdn.leadfamly.com https://facebook.com https://www.google.com https://maps.googleapis.com https://platform.linkedin.com https://www.linkedin.com https://www.gstatic.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://uk.personalcard.net https://api.brf.dk https://zone-1.cdn.leadfamly.com https://dawa.aws.dk https://fonts.googleapis.com https://api.cludo.com https://consent.app.cookieinformation.com https://www.google-analytics.com https://stats.g.doubleclick.net https://qa-api.brf.dk; img-src 'self' data: https://www.jyskebank.dk https://jyskebank.tv https://applet.danid.dk https://uk.personalcard.net https://collector.ontame.io https://zone-1.cdn.leadfamly.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.dk https://jb.jyskebank.dk https://www.gstatic.com https://maps.googleapis.com https://maps.gstatic.com; frame-src  https://policy.app.cookieinformation.com https://applet.danid.dk https://appletk.danid.dk https://jyskebank.tv https://*.jyskebank.tv https://erhverv.brf.dk https://qa-erhverv.brf.dk https://jyskebank.leadfamly.com https://www.linkedin.com ; object-src 'none'; report-uri /bdportlet-NemIDLoginPortlet/cspreport; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com; img-src 'self' stats.g.doubleclick.net www.google.com www.google.com.au www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; form-action 'self'; report-uri /csp-violations-report-endpoint; report-to null; 1
font-src https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://bootstrapcdn.com https://fonts.gstatic.com 'self' data: https://v2.zopim.com https://maxcdn.bootstrapcdn.com https://static-v.tawk.to https://*.cloudflare.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com/ https://www.securesuite.co.uk https://syndication.twitter.com https://platform.twitter.com/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://player.vimeo.com https://widget.trustpilot.com https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://pi-live.sagepay.com https://www.google.com/ https://www.securesuite.co.uk https://platform.twitter.com https://syndication.twitter.com https://secure.pay1.de https://*.klarnaservices.com https://*.zenaps.com/ https://*.cloudflare.com https://klarna-payments-eu.klarna.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.facebook.com 'self' data: https://www.sagepay.co.uk https://dsum-sec.casalemedia.com https://pixel.advertising.com https://v2.zopim.com https://sync.outbrain.com https://simage2.pubmatic.com https://ads.yahoo.com https://trc.taboola.com https://v2assets.zopim.io https://eb2.3lift.com https://x.bidswitch.net https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://pixel.rubiconproject.com https://syndication.twitter.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://cdn.jsdelivr.net https://abs.twimg.com https://*.klarnaservices.com https://*.klarnacdn.net/ https://*.tawk.to/ https://www.gstatic.com https://*.kidscavern.co.uk https://www.opayo.co.uk http://*.zenaps.com https://*.cloudflare.com https://cdn1.iconfinder.com 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com https://www.googletagmanager.com https://chimpstatic.com http://widget.trustpilot.com https://invitejs.trustpilot.com https://static.hotjar.com https://script.hotjar.com http://static.hotjar.com https://connect.facebook.net https://pixel.advertising.com https://www.google.com https://www.gstatic.com https://v2.zopim.com https://static.zdassets.com https://widget-mediator.zopim.com http://magemail.co https://pi-live.sagepay.com https://pcls1.craftyclicks.co.uk http://cdnjs.cloudflare.com http://cdn.livechatinc.com http://js.klevu.com https://secure.livechatinc.com https://maps.googleapis.com http://platform.twitter.com http://twitter.com https://cdn.syndication.twimg.com https://ict.infinity-tracking.net https://cdn.jsdelivr.net https://cdn.klarna.com https://register.feefo.com https://eu-library.klarnaservices.com https://*.klarnacdn.net http://*.google.com http://*.tidio.co https://*.tidiochat.com/ http://widget-v4.tidiochat.com https://*.dwin1.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.zenaps.com http://*.zenaps.com https://*.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://use.fontawesome.com https://bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://twitter.com https://ton.twimg.com https://maxcdn.bootstrapcdn.com http://fonts.googleapis.com https://platform.twitter.com https://cdn.jsdelivr.net https://*.googleapis.com https://*.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://widget-v4.tidiochat.com//tururu.mp3 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://use.fontawesome.com https://vc.hotjar.io https://in.hotjar.com https://api.craftyclicks.co.uk https://ekr.zdassets.com https://cdn.livechatinc.com wss://widget-mediator.zopim.com https://cdnjs.cloudflare.com https://va.tawk.to https://api.feefo.com https://vsb108.tawk.to https://ict.infinity-tracking.net https://tawk.to https://static-v.tawk.to wss://*.tawk.to https://vsb52.tawk.to *.tawk.to https://*.klarnauserservices.com https://*.klarnaevt.com wss://*.tidio.co http://*.tidiochat.com https://*.zenaps.com https://stats.g.doubleclick.net *.paypal.com https://*.cloudflare.com *.trustpilot.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /envisagecsp; report-to report-endpoint; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' tilebar.com www.tilebar.com *.nexcesscdn.net cdn.ddmanager.ru sslwidget.criteo.com cdn.searchspring.net www.roomvo.com use.fontawesome.com  www.google-analytics.com optimize.google.com *.google-analytics.com connect.facebook.net dev.visualwebsiteoptimizer.com foursixty.com *.klaviyo.com bat.bing.com www.googletagmanager.com *.liveperson.net *.listrakbi.com *.pinimg.com ad.doubleclick.net edge.fullstory.com *.criteo.net fast.a.klaviyo.com lptag.liveperson.net www.googletagservices.com *.googlesyndication.com widget.us.criteo.com *.lpsnmedia.net js-agent.newrelic.com bam.nr-data.net *.cloudmaestro.com plugin.hlbs.me static.zdassets.com *.cloudflare.com *.google.com www.gstatic.com cdn.cardknox.com www.googleoptimize.com widgets.turnto.com www.googleadservices.com widget-mediator.zopim.com 1
default-src 'self';font-src 'self' data:;style-src 'self' 'unsafe-inline';img-src vontobel-cloudbased-streaming.s3.amazonaws.com 'self' data:;script-src 'self' tags.tiqcdn.com 'nonce-t44k9jVSh47YyTW8MGXFcmab+fY=';frame-ancestors 'self';frame-src 'self';media-src vontobel-cloudbased-streaming.s3.amazonaws.com;report-uri /Csp/Report/; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://7ee2a4f517b54c13812e54076aefcb7d.myssl-uri.com/api/csp-report 1
script-src https://www.illamasqua.com https://m.illamasqua.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://pay.google.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://www.illamasqua.com/cspReport.txt; 1
child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self' *.favorengineering.com *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net; img-src 'self' amplifypixel.outbrain.com *.favorengineering.com *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net pingclock.net graph.facebook.com data:; script-src-elem 'self' 'unsafe-inline' *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io; script-src 'self' 'unsafe-eval' cdn.siftscience.com js.stripe.com maps.googleapis.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/wizard 1
default-src 'self' https://www.epay.bg https://online.epay.bg 'unsafe-inline' ; img-src 'self' data: https://www.epay.bg https://online.epay.bg ; frame-src https: ; report-uri https://www.epay.bg/csp 1
block-all-mixed-content; report-uri https://pangoly.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.boursorama.com *.boursorama-banque.com *.brsimg.com data: match.360yield.com eb2.3lift.com boursorama.admo.tv secure.adnxs.com pixel.advertising.com x.bidswitch.net dsum-sec.casalemedia.com www.google.com adservice.google.com www.google.fr *.doubleclick.net www.googleadservices.com www.googletagmanager.com nxtck.com cdn.tagcommander.com cdn.trustcommander.net bat.bing.com *.pubmatic.com eu-u.openx.net pixel.rubiconproject.com *.tradelab.fr *.exelator.com *.iadvize.com *.facebook.net *.facebook.com *.facebook.fr; base-uri 'self'; font-src 'self'; frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com; frame-src *; object-src 'none'; upgrade-insecure-requests; report-uri /reports/csp 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://static.slo-tech.com https://zy.si https://push.slo-tech.com; script-src 'self' 'unsafe-inline' https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; style-src 'self' data: 'unsafe-inline' static.slo-tech.com; img-src 'self' data: https://* http://* https://static.slo-tech.com https://oglasi.slo-tech.com https://zy.si; connect-src 'self' https://oglasi.slo-tech.com https://push.slo-tech.com wss://push.slo-tech.com ws://push.slo-tech.com; frame-src 'self' https://oglasi.slo-tech.com https://www.youtube-nocookie.com; worker-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; sandbox; report-uri https://sentry.ilol.si/api/13/security/?sentry_key=65de3269eb0548dd97bc2c45929349f4 1
upgrade-insecure-requests;  script-src 'self' googleads.g.doubleclick.net stats.g.doubleclick.net ws-na.assoc-amazon.com www.amazon.com rcm.amazon.com www.google.com apis.google.com cse.google.com www.google-analytics.com www.googletagmanager.com partner.googleadservices.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com; frame-src googleads.g.doubleclick.net stats.g.doubleclick.net ws-na.assoc-amazon.com www.amazon.com rcm.amazon.com www.google.com apis.google.com cse.google.com www.google-analytics.com www.googletagmanager.com partner.googleadservices.com pagead2.googlesyndication.com www.googleadservices.com tpc.googlesyndication.com;   object-src 'self'; form-action 'none'; frame-ancestors 'none'; report-uri https://c408453ef55b803114646d679c50ef77.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' https: http: 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com ; script-src 'unsafe-inline' https: http: 'unsafe-eval' https://www.gstatic.com ; report-uri /csp-violation/ 1
default-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; report-uri https://ramsalt.report-uri.io/r/default/csp/reportOnly 1
font-src https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; child-src 'self' https: https://cdn.ampproject.org; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://*.addthis.com https://www.googletagservices.com https://cdn.doubleverify.com; style-src 'self' https: 'unsafe-inline'; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=76103b58&report_only=true&env=production 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mtmo.wordops.eu/mtmo.js; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://img.shields.io https://netdata.wordops.eu https://mtmo.wordops.eu https://www.gstatic.com; font-src 'self' data:; media-src 'self'; object-src 'none'; prefetch-src 'self' wordops.net ga.vtbox.net; child-src 'none'; frame-src 'self'; worker-src 'self'; frame-ancestors 'self'; report-uri https://virtubox.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.de&source%5Bsection%5D=brochure&source%5Buuid%5D=25ff568d3910ad47b3aa600a02643f38 1
frame-ancestors 'self' *.salesforce.com; report-uri https://sentry.io/api/2704353/security/?sentry_key=81bd7f20e40c44acba15bc87de66fecf 1
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.bing.com https://*.crunch.uk https://*.disqus.com https://*.disquscdn.com https://*.facebook.net https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.linkedin.com https://*.pardot.com https://*.responsetap.com https://*.salesforceliveagent.com https://*.taboola.com https://*.tradedoubler.com https://*.trustpilot.com https://*.twitter.com https://*.wistia.com https://*.youtube.com https://*.ytimg.com https://*.zuko.io https://browser-update.org https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://disqus.com https://s3-eu-west-1.amazonaws.com/crunch-cdn https://tagmanager.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.disquscdn.com https://*.google-analytics.com https://*.googleapis.com https://platform.twitter.com https://tagmanager.google.com; frame-ancestors 'self' https://*.crunch.co.uk; manifest-src 'self' https://*.crunch.co.uk; default-src 'self' https://*.crunch.co.uk https://c.disquscdn.com https://disqus.com; frame-src 'self' mailto: https://*.crunch.co.uk https://*.everviz.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.googletagmanager.com https://*.highcharts.com https://*.hotjar.com https://*.pardot.com https://*.tradedoubler.com https://*.trustpilot.com https://*.twitter.com https://*.youtube.com https://disqus.com https://fast.wistia.com https://fast.wistia.net https://twitter.com; img-src 'self' data: *; connect-src 'self' https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.litix.io https://*.mixpanel.com https://*.oribi.io https://*.responsetap.com https://*.salesforceliveagent.com https://*.sessioncam.com https://*.taboola.com https://*.tradedoubler.com https://*.trustpilot.com https://*.wistia.com https://*.zuko.io https://bat.bing.com https://disqus.com https://embedwistia-a.akamaihd.net wss://*.hotjar.com; object-src 'self' blob: https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com; media-src 'self' blob: data: https://*.cloudinary.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; font-src 'self' data: chrome-extension: https://fonts.gstatic.com https://script.hotjar.com; report-to /platform-api/csp-violations/report/; report-uri /platform-api/csp-violations/report/; 1
style-src-elem 'unsafe-inline' 'self'; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net cookie-cdn.cookiepro.com trc-events.taboola.com api.mixpanel.com api-js.mixpanel.com api.segment.io in.hotjar.com trc.taboola.com vc.hotjar.io; font-src 'self' data fonts.gstatic.com script.hotjar.com; frame-src www.youtube.com s7.addthis.com vars.hotjar.com widget.trustpilot.com; img-src 'self' data: cds.taboola.com q.quora.com 2.gravatar.com bat.bing.com px.ads.linkedin.com www.linkedin.com c0.adalyser.com cx.atdmt.com data heapanalytics.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com web.uploads.tide.co local.tide.co secure.gravatar.com; script-src-elem 'self' 'unsafe-inline' cookie-cdn.cookiepro.com bat.bing.com c0.adalyser.com cdn.heapanalytics.com cdn.mxpnl.com cdn.segment.com cdn.taboola.com trc.taboola.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net platform.twitter.com px.ads.linkedin.com script.hotjar.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.google-analytics.com www.linkedin.com www.googletagmanager.com www.googleadservices.com widget.trustpilot.com tagmanager.google.com; style-src-attr 'unsafe-inline'; report-uri https://csp.tide.co/report 1
block-all-mixed-content; report-uri https://1knzater8k.execute-api.us-west-2.amazonaws.com/prod/csp-report; 1
default-src https: 'unsafe-inline' 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.lagrangesystems.net unpkg.com js.braintreegateway.com tpc.googlesyndication.com ws.sharethis.com *.pinterest.com magnetic.t.domdex.com www.googletagmanager.com *.bronto.com player.vimeo.com www.google-analytics.com *.olark.com f.vimeocdn.com www.tag4arm.com secure.quantserve.com intljs.rmtag.com www.googleadservices.com connect.facebook.net cdn.pbbl.co *.steelhousemedia.com s.pinimg.com ut.ra.linksynergy.com rules.quantcount.com googleads.g.doubleclick.net js-agent.newrelic.com bam.nr-data.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.google.com rum-static.pingdom.net www.gstatic.com p.bm23.com s.yimg.com *.cloudfront.net *.googleapis.com sp.analytics.yahoo.com script.crazyegg.com *.lagrangesystems.net bat.bing.com edge.quantserve.com 193.238.46.57 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.check24.net//csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
default-src https://www.thebusinessplanshop.com; base-uri 'self'; img-src 'self' data: https: https://www.thebusinessplanshop.com https://ad962edbae8ba7b03b7f-d10007df79b5b7a4e475a291e50a08cf.ssl.cf3.rackcdn.com https://f729fc5309edb4d2a809-42905546d373f150b1b6e131d3710cf2.r18.cf3.rackcdn.com http://f729fc5309edb4d2a809-42905546d373f150b1b6e131d3710cf2.r18.cf3.rackcdn.com https://platform-cdn.sharethis.com https://www.gstatic.com https://www.google.com https://www.google.co.uk https://bat.bing.com https://www.facebook.com https://track.customer.io https://seal.godaddy.com; script-src 'self'  'unsafe-inline'  'unsafe-eval' https://www.thebusinessplanshop.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://www.google.com https://*.doubleclick.net https://*.googlesyndication.com https://bat.bing.com https://connect.facebook.net https://graph.facebook.com https://www.googleadservices.com https://seal.godaddy.com https://api.amplitude.com https://cdn.amplitude.com https://assets.customer.io https://track.customer.io https://ad962edbae8ba7b03b7f-d10007df79b5b7a4e475a291e50a08cf.ssl.cf3.rackcdn.com https://2aa35c1eb48b4915c034-da4fb5e7c7bf63accb453cc1066a0e48.ssl.cf3.rackcdn.com https://fc9434489ece23a5e488-15c34f135294ae707e3c719a6f238f0b.ssl.cf3.rackcdn.com https://cdn.firstpromoter.com https://www.gstatic.com https://assets.pinterest.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://count-server.sharethis.com https://t.sharethis.com https://cdn.syndication.twimg.com https://platform.twitter.com; style-src 'self' https://www.thebusinessplanshop.com 'unsafe-inline'  https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://ton.twimg.com https://www.slideshare.net; connect-src 'self' wss://www.thebusinessplanshop.com https://www.thebusinessplanshop.com https://api.amplitude.com https://bat.bing.com https://connect.facebook.net https://*.civiccomputing.com https://vendorlist.consensu.org/vendorlist.json https://t.firstpromoter.com https://track.customer.io https://www.googleadservices.com https://www.google-analytics.com  https://www.paypal.com https://www.facebook.com https://*.g.doubleclick.net; child-src 'self' https://www.thebusinessplanshop.com https://www.google.com https://*.g.doubleclick.net https://*.googlesyndication.com https://app.hubspot.com/ https://*.youtube.com https://www.slideshare.net https://c.sharethis.mgr.consensu.org https://t.sharethis.com https://*.amazon-adsystem.com https://platform.twitter.com; frame-src 'self' https://www.thebusinessplanshop.com https://www.google.com https://*.g.doubleclick.net https://*.googlesyndication.com https://app.hubspot.com/ https://*.youtube.com https://www.slideshare.net https://c.sharethis.mgr.consensu.org https://t.sharethis.com https://*.amazon-adsystem.com https://platform.twitter.com; font-src 'self'  https://themes.googleusercontent.com https://fonts.gstatic.com https://www.gstatic.com; form-action 'self' ; frame-ancestors 'self' https://www.thebusinessplanshop.com; object-src 'none' ; report-uri https://www.thebusinessplanshop.com/app/csp-report; 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.googleadservices.com *.bing.com *.googleapis.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.zopim.com *.bizographics.com *.toutapp.com *.newrelic.com *.linkedin.com *.nr-data.net *.hubspot.com 'unsafe-eval' unpkg.com/feather-icons *.hs-scripts.com *.visualwebsiteoptimizer.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.js.usemessages.com *.bootstrapcdn.com *.doubleclick.net *.albacross.com js.usemessages.com/conversations-embed.js js.hsforms.net/forms/v2.js; object-src *; style-src 'self' 'unsafe-inline' *.googleapis.com ; img-src *; media-src *; frame-src 'self' *.hubspot.com *.doubleclick.net; child-src 'self'; font-src 'self' 'unsafe-inline' *.gstatic.com data: wss:; connect-src 'self' *.hubspot.com *.hubapi.com; report-uri /report-csp-violation 1
default-src https://*.rtr.at ; img-src https://*.rtr.at https://maps.wien.gv.at data: ; style-src https://*.rtr.at 'unsafe-inline' ; script-src https://*.rtr.at https://app.23degrees.io blob: 'unsafe-inline' 'unsafe-eval' ; font-src https://*.rtr.at data: ; frame-src https://*.rtr.at https://app.23degrees.io https://www.youtube-nocookie.com https://www.a-trust.at 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src * 'unsafe-inline'; img-src *; media-src 'self'; frame-src *; frame-ancestors *; child-src *; font-src *; connect-src * 'unsafe-inline'; report-uri /report-csp-violation 1
default-src data: https: http://*.cdn.ngenix.net 'unsafe-inline' 'unsafe-eval'; report-uri https://www.b-kontur.ru/private/csp-report 1
object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com www.googleadservices.com widget.intercom.io assets.calendly.com js.intercomcdn.com; report-uri https://csp.withgoogle.com/csp/ordering-app/20191209_experiment 1
default-src https://www.guiabolso.com.br https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://webchat.helpshift.com 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.typekit.net; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ssl.google-analytics.com stats.g.doubleclick.net app.marketplan.io; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: p.typekit.net use.typekit.net; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.typekit.net; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: assets.interface.ai; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ssl.google-analytics.com app.marketplan.io googleads.g.doubleclick.net js.hs-analytics.net www.googleadservices.com www.googletagmanager.com cdnjs.cloudflare.com js.hs-scripts.com connect.facebook.net www.google-analytics.com widget-gesa.interface.ai js.hs-banner.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: assets.interface.ai bid.g.doubleclick.net widget-gesa.interface.ai; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com track.hubspot.com www.facebook.com ssl.google-analytics.com assets.interface.ai www.google-analytics.com stats.g.doubleclick.net google-analytics.bi.owox.com ; form-action 'none' data: blob: ; report-uri /csp_report 1
report-uri /csp-report; default-src 'none'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.typekit.net ajax.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' ajax.googleapis.com *.typekit.net *.myfonts.net; img-src 'self' data: *.google-analytics.com ajax.googleapis.com *.typekit.net *.doubleclick.net; connect-src 'self'; font-src 'self' data: *.typekit.net; object-src 'self'; media-src  'self'; frame-src *.addthis.com player.vimeo.com www.youtube.com; manifest-src 'self'; 1
default-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl *.op.nl; connect-src 'self' *.ondernemersplein.kvk.nl *.flagship.io ariane.abtasty.com sentry.io vc.hotjar.io *.hotjar.com ampcid.google.com ajax.googleapis.com; img-src 'self' data: *.ondernemersplein.kvk.nl www.rvo.nl opendata.nederlandwereldwijd.nl ariane.abtasty.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com i.ytimg.com; style-src 'self' 'unsafe-inline' *.ondernemersplein.kvk.nl www.gstatic.com fonts.googleapis.com tagmanager.google.com; frame-src 'self' *.ondernemersplein.kvk.nl *.ondernemersplein.nl opendata.ondernemersplein.nl www.youtube.com vars.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ondernemersplein.kvk.nl www.google-analytics.com www.googletagmanager.com www.gstatic.com *.flagship.io ariane.abtasty.com static.hotjar.com script.hotjar.com www.youtube.com s.ytimg.com; report-uri https://sentry.io/api/1234272/security/?sentry_key=f23f8584f25343e3baed391826c1e5ba&sentry_environment=productie 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.lagrangesystems.net www.slickwraps.com dir_cache.designnbuy.us cdn-stamped-io.azureedge.net *.google-analytics.com widget-mediator.zopim.com www.googletagmanager.com static.zdassets.com widget.privy.com connect.facebook.net www.googleadservices.com cdn.onesignal.com platform-api.sharethis.com googleads.g.doubleclick.net onesignal.com js-agent.newrelic.com beacon.riskified.com bam.nr-data.net tag.marinsm.com pixel-geo.prfct.co js.braintreegateway.com checkout.paypal.com www.paypalobjects.com maps.googleapis.com *.cloudmaestro.com *.cloudfront.net platform.twitter.com assets.zendesk.com dir_cache.designnbuy.us  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://static.doubleclick.net https://cdn.datatables.net https://s.ytimg.com https://maps.google.com https://m.addthis.com https://js.stripe.com https://www.youtube.com/iframe_api https://www.youtube.com http://www.youtube.com  http://downloads.mailchimp.com https://downloads.mailchimp.com https://static.addtoany.com http://dev.openlayers.org https://dev.openlayers.org https://m.addthisedge.com https://s7.addthis.com https://apis.google.com https://googleads.g.doubleclick.net https://unpkg.com  https://use.fontawesome.com https://pro.fontawesome.com http://www.amcharts.com https://platform.twitter.com https://ssl.p.jwpcdn.com https://www.google-analytics.com https://records-ws.nbnatlas.org https://use.typekit.net https://www.googleadservices.com https://mc.us16.list-manage.com https://www.googletagmanager.com https://tagmanager.google.com https://downloads.mailchimp.com https://code.jquery.com https://maps.googleapis.com https://connect.facebook.net   https://downloads.mailchimp.com https://csi.gstatic.com; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' http://dev.openlayers.org http://ajax.googleapis.com https://tagmanager.google.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://downloads.mailchimp.com https://use.fontawesome.com https://p.typekit.net https://use.typekit.net https://pro.fontawesome.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com https://pro.fontawesome.com  https://maxcdn.bootstrapcdn.com; frame-src 'self'  https://static.addtoany.com https://s7.addthis.com https://www.google.com https://js.stripe.com https://e.issuu.com https://apis.google.com/ https://www.youtube.com/ https://staticxx.facebook.com/ https://accounts.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.facebook.com/ https://web.facebook.com/; object-src 'self'; connect-src 'self' https://m.addthis.com https://syndication.twitter.com  https://www.facebook.com/tr/  https://performance.typekit.net/ ; media-src 'self' blob: https://e5c5a7c5.ssl.hwcdn.net; worker-src 'self' blob:; frame-ancestors 'self'; base-uri 'self' 1
default-src 'none';    connect-src       https://in.hotjar.com http://vc.hotjar.io       https://*.algolia.net https://*.algolianet.com       https://www.facebook.com       https://cdn.contentful.com/spaces/ef04tndlnzev/environments/production/entries       https://api-externe.adie.org/       https://api.yelloan.com/yello/api/       https://api.yelloan.com/yelloan-messenger-bff/socket.io/       wss://api.yelloan.com/yelloan-messenger-bff/socket.io/       wss://*.hotjar.com/api/v1/client/ws       ;    child-src blob:       ;    font-src 'self'       https://fonts.gstatic.com       https://script.hotjar.com       ;    frame-src       https://vars.hotjar.com https://static.hotjar.com       https://www.google.com https://www.google.com/recaptcha/       https://www.youtube.com       https://www.facebook.com       ;    img-src 'self' data:       maps.gstatic.com *.googleapis.com *.ggpht       https://www.gstatic.com       https://www.google.com https://www.google.fr      https://www.googletagmanager.com https://www.google-analytics.com       https://www.facebook.com https://connect.facebook.net       https://lipis.github.io       https://ks.b26net.com       https://ks.invibes.com       https://secure.adnxs.com       https://script.hotjar.com http://script.hotjar.com       https://images.ctfassets.net       https://cdn.yelloan.com       https://stats.g.doubleclick.net       ;    script-src 'self' 'unsafe-inline' 'unsafe-eval'       https://cdn.ravenjs.com/       https://event-logger.kantics.co/event/conversion       https://connect.facebook.net       https://ad.piximedia.com       https://secure.adnxs.com       https://vars.hotjar.com https://static.hotjar.com https://script.hotjar.com       https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/       https://maps.googleapis.com/       https://www.googletagmanager.com       https://www.google-analytics.com       https://cdn.yelloan.com/adie/       ;    style-src 'self' 'unsafe-inline' blob:       https://fonts.googleapis.com       ;    report-uri https://report.adie.org 1
default-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com http://r.mradx.net https://rs.mail.ru https://hb.bizmrg.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ru https://*.yandex.ru https://*.yandex.net; connect-src https://*.worki.ru wss://*.worki.ru https://suggestions.dadata.ru https://clickstream.worki.ru https://*.mail.ru https://*.yandex.ru https://recommender.scarabresearch.com; font-src https://r.mradx.net; script-src *.mail.ru https://www.google-analytics.com http://cdn.scarabresearch.com *.yandex.ru *.yandex.net yastatic.net https://www.googletagmanager.com https://connect.facebook.net 'unsafe-inline' 'report-sample'; report-uri https://sentry.iconjob.co/api/23/security/?sentry_key=9c4b42adca9e4df2b1c097aec815e0c1&sentry_environment=production; 1
connect-src 'self' https://www.google-analytics.com *.doubleclick.net https://bam.nr-data.net https://www.facebook.com https://locationservice.posti.com *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net; img-src 'self' data: *.keskofiles.com http://public-qa.keskofiles.com *.imgix.net https://www.google-analytics.com https://ssl.gstatic.com *.doubleclick.net https://www.gstatic.com https://www.google.se https://www.google.fi https://www.google.com images.contentful.com images.ctfassets.net https://maps.googleapis.com https://bat.bing.com https://www.facebook.com https://img.youtube.com *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net https://giosg-chat-public-eu.s3.amazonaws.com https://keskoanalytics.s3.eu-central-1.amazonaws.com *.ytimg.com *.videoly.co; manifest-src 'self'; font-src 'self' https://fonts.gstatic.com 'unsafe-inline' data:; frame-src 'self' *.doubleclick.net *.youtube.com *.youtu.be https://utm.keskoanalytics.com/ https://plussa.com/ https://www.plussa.com https://www.prkk.fi https://www.kromo.eu *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net *.kesko.fi http://krauta-fi.stage.rautakesko.episerverhosting.com *.stage.rautakesko.episerverhosting.com *.prod.rautakesko.episerverhosting.com *.thinglink.com; style-src 'self' 'unsafe-inline' blob: https://tagmanager.google.com https://fonts.googleapis.com https://keskoanalytics.s3.eu-central-1.amazonaws.com *.giosg.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com http://tagmanager.google.com *.doubleclick.net https://www.googleadservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://keskoanalytics.s3.eu-central-1.amazonaws.com https://scjc708q0d.execute-api.eu-west-1.amazonaws.com https://bat.bing.com https://connect.facebook.net *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net 'unsafe-eval' *.videoly.co; default-src 'none'; media-src videos.contentful.com videos.ctfassets.net; report-uri https://www.k-rauta.fi/csp-report; 1
default-src 'none'; form-action 'none'; frame-ancestors 'none'; 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.diadoc.ru/private/csp-report 1
base-uri 'none'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'nonce-71625428-268'; object-src 'self'; img-src 'self' *.regenwald.org data:; connect-src 'self'; block-all-mixed-content; report-uri /csp-violation-report/71625428-268 1
script-src 'nonce-wDsnVkuBK5VQ-jZPKPqXnA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/diversity_google; base-uri 'none' 1
connect-src 'self' https://gatehub.net https://*.gatehub.net wss://*.gatehub.net wss://*.ripple.com https://id.ripple.com https://history.ripple.com:7443 https://api.ripplecharts.com https://data.ripple.com https://*.zendesk.com https://ekr.zdassets.com https://www.google-analytics.com https://googletagmanager.com https://api.gastracker.io https://api.blockcypher.com https://api.etherscan.io https://sentry.io wss://widget-mediator.zopim.com; default-src 'self' https://gatehub.net; font-src 'self' https://gatehub.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://gatehub.net https://*.gatehub.net https://www.google.com https://client-api.arkoselabs.com; img-src 'self' https://gatehub.net https://*.gatehub.net https://*.amazonaws.com https://www.google-analytics.com https://chart.googleapis.com https://stats.g.doubleclick.net https://ssl.gstatic.com blob: data:; media-src 'self' https://gatehub.net https://*.gatehub.net https://static.zdassets.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gatehub.net https://*.gatehub.net https://www.google-analytics.com https://www.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://apis.google.com https://www.gstatic.com https://code.highcharts.com https://*.zendesk.com https://static.zdassets.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://client-api.arkoselabs.com; style-src 'self' 'unsafe-inline' https://gatehub.net https://*.gatehub.net https://fonts.googleapis.com; report-uri https://gatehub.report-uri.com/r/d/csp/wizard; 1
default-src 'self' oekom.de www.oekom.de *.newsletter2go.com *.saferpay.com captcha.wirth-horn.de matomo.oekomlamp.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://fonts.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /csp-report.cfm 1
default-src 'self' https://www.google.com; script-src 'self' 'unsafe-inline' *.gstatic.com www.google.com connect.facebook.net www.google-analytics.com; style-src 'self' 'unsafe-inline' *.gstatic.com fonts.googleapis.com; img-src 'self' data: *.gstatic.com www.google-analytics.com www.facebook.com; font-src 'self' data: fonts.gstatic.com; frame-src https://www.facebook.com https://www.google.com; worker-src 'self' www.google.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp/ 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.crosman.com pagead2.googlesyndication.com *.google-analytics.com www.googletagmanager.com container.pepperjam.com adservice.google.co.in *.google.com tag.getdrip.com *.hotjar.com *.cloudfront.net js-agent.newrelic.com shop.pe bam.nr-data.net www.googletagmanager.com tpc.googlesyndication.com addshoppers.s3.amazonaws.com shopper.shop.pe api.getdrip.com api.pinterest.com www.gstatic.com www.googletagservices.com platform.twitter.com www.youtube.com *.ytimg.com cdn.syndication.twimg.com *.cloudmaestro.com connect.facebook.net partner.googleadservices.com adservice.google.ca adservice.google.co.uk maps.googleapis.com 1
default-src 'self' data: *.doubleclick.net *.adriver.ru *.google.ru *.google.com *.criteo.com *.criteo.net tags.soloway.ru vk.com top-fwz1.mail.ru *.facebook.com *.facebook.net www.googletagmanager.com www.googleadservices.com player.vimeo.com *.livetex.ru *.yandex.net *.yandex.ru kontur.ru *.kontur.ru www.google-analytics.com counter.yadro.ru fonts.gstatic.com *.s-microsoft.com 'unsafe-inline' 'unsafe-eval'; report-uri https://www.kontur-extern.ru/private/csp-report 1
default-src 'self' *.thunderhead.com *.facebook.com bam.nr-data.net *.mouseflow.com *.mktorest.com *.mktoresp.com *.consensu.org bid.g.doubleclick.net *.omtrdc.net *.demdex.net *.youtube.com *.marketo.com *.onetrust.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.marketo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.salesforceliveagent.com cdn.mouseflow.com munchkin.marketo.net *.marketo.com *.mktorest.com assets.adobedtm.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.linkedin.com *.youtube.com s.ytimg.com *.facebook.com connect.facebook.net t.co static.ads-twitter.com analytics.twitter.com js-agent.newrelic.com fast.gehealthcare.demdex.net dpm.demdex.net gateway.zscalertwo.net snap.licdn.com bam.nr-data.net gehealthcare.sc.omtrdc.net gelifedigitalhubprod.112.2o7.net cx.atdmt.com cm.everesttech.net static.cloud.coveo.com *.thunderhead.com google.com googleads.g.doubleclick.net *.evidon.com *.consensu.org *.adroll.com maps.googleapis.com *.onetrust.com; img-src * data:; media-src 'self' cdn.cytivalifesciences.com *.youtube.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; frame-src 'self' *.adobe.com; report-uri https://www.cytivalifesciences.com/api/csp/report 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ https://*.quantserve.com https://*.quantcount.com https://quantcast.mgr.consensu.org 'unsafe-eval' 'nonce-lK5dmg5pJNbgoaA5OvBx1hvoybA'; object-src 'none'; worker-src blob:; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' youtube.com *.googleapis.com googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googleapis.com data: https: www.googletagmanager.com ; object-src 'self' *.fayat.com * data: https: fayat.com; style-src 'unsafe-inline' 'self' cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com themes.googleusercontent.com; img-src 'self' *.fayat.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.w3.org 'unsafe-eval' 'unsafe-hashes' stats.g.doubleclick.net *.doubleclick.net data:; media-src 'self' *.fayat.com youtube.com www.youtube.com; frame-src fayat.com www.fayat.com *.fayat.com youtube.com www.youtube.com *.googletagmanager.com static.doubleclick.net youtube.com www.youtube.com www.gstatic.com www.google.com; frame-ancestors fayat.com *.fayat.com; child-src fayat.com www.fayat.com *.fayat.com youtube.com www.youtube.com *.googletagmanager.com static.doubleclick.net youtube.com www.youtube.com; font-src fonts.googleapis.com fonts.gstatic.com themes.googleusercontent.com; connect-src 'self' data: https: *.fayat.com localhost *.localhost; report-uri /report-csp-violation 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.google.com www.youtube.com amc.demdex.net vars.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com network-eu-stg.bazaarvoice.com network-eu.bazaarvoice.com amcglobal.sc.omtrdc.net data: cm.everesttech.net dpm.demdex.net www.googletagmanager.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com network-eu.bazaarvoice.com network-eu-stg.bazaarvoice.com www.googletagmanager.com www.google.com www.gstatic.com script.hotjar.com static.hotjar.com chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com display.ugc.bazaarvoice.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com in.hotjar.com www.paypal.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https:; font-src 'self' 'unsafe-inline' https://d3requdwnyz98t.cloudfront.net https: data:; img-src 'self' https://usercontent.gooddog.com https://d3requdwnyz98t.cloudfront.net https://dosjk7j8ofru3.cloudfront.net https: data: blob:; script-src 'self' 'unsafe-inline' https://d3requdwnyz98t.cloudfront.net https:; style-src 'self' 'unsafe-inline' https://d3requdwnyz98t.cloudfront.net https:; manifest-src 'self' data:; connect-src 'self' wss://www.gooddog.com/action_cable https://vc.hotjar.io https://in.hotjar.com https://*.bugsnag.com https://dog-park-labs-user-content-production.s3.amazonaws.com https://bam.nr-data.net https://gooddog.gladly.com https://cdn.gladly.com; report-uri /csp_violation 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fpartners&source%5Buuid%5D=5c1f1010a820c640ec769e2a4f0df1f9 1
default-src 'self' https: ; img-src 'self' https://dl.episerver.net/ https://www.googletagmanager.com/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://cm.g.doubleclick.net/ https://bat.bing.com/ https://bppmdmxgsg.execute-api.eu-west-1.amazonaws.com/prod/ data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/  https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://bat.bing.com/ https://*.responsetap.com/ https://dl.episerver.net/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://dl.episerver.net/ ; font-src 'self' https://fonts.gstatic.com/ data: ; 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' www.facebook.com *.rlets.com stats.g.doubleclick.net api.omappapi.com bat.bing.com nexus-websocket-a.intercom.io js.calltrk.com in.hotjar.com uploads.intercomcdn.com capture-api.reachlocalservices.com schooladmin.one d22hyekh7rynxu.cloudfront.net nexus-long-poller-a.intercom.io translate.googleapis.com app.wootric.com wss://nexus-websocket-a.intercom.io sa-assets-production.s3.amazonaws.com cdnjs.cloudflare.com api.rollbar.com cdn.rollbar.com ssl.google-analytics.com www.google-analytics.com cdn.coview.com cdn.plaid.com widget.intercom.io localhost:8080 api-iam.intercom.io app.coview.com gpkpyklzq55q.statuspage.io ws:; font-src 'self' maxcdn.bootstrapcdn.com d22hyekh7rynxu.cloudfront.net d3gnzzjkw9beyn.cloudfront.net js.intercomcdn.com fonts.gstatic.com data: font; frame-src 'self' *.rlets.com www.facebook.com www.youtube.com match.adsrvr.org vars.hotjar.com bid.g.doubleclick.net insight.adsrvr.org cdn.plaid.com js.stripe.com intercom-sheets.com 4506756.fls.doubleclick.net www.google.com; img-src * blob: data:; media-src 'self' js.intercomcdn.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.calltrk.com js.calltrk.com app.wootric.com js.hs-analytics.net s3.amazonaws.com/downloads.mailchimp.com/js/goal.min.js www.googleadservices.com extend.vimeocdn.com connect.facebook.net secfld.vmmpxl.com cdn.calltrk rw1.marchex.io www.loopanalytics.com snap.licdn.com i.simpli.fi tag.simpli.fi static.hotjar.com script.hotjar.com a.omappapi.com js-agent.newrelic.com bam.nr-data.net js.hs-scripts.com js.hs-banner.com *.rlets.com s.btstatic.com googleads.g.doubleclick.net bat.bing.com/bat.js js.adsrvr.org eligibility.wootric.com www.googletagmanager.com d27j601g4x0gd5.cloudfront.net translate.google.com translate.googleapis.com d22hyekh7rynxu.cloudfront.net d3gnzzjkw9beyn.cloudfront.net ssl.google-analytics.com cdn.rollbar.com www.google-analytics.com cdn.plaid.com www.google.com www.gstatic.com widget.intercom.io cdn.coview.com js.intercomcdn.com app.coview.com js.stripe.com data: scrdoc:; style-src 'self' 'unsafe-inline' translate.googleapis.com d22hyekh7rynxu.cloudfront.net d3gnzzjkw9beyn.cloudfront.net fonts.googleapis.com hello.myfonts.net; report-uri /api/csp 1
default-src 'self' *.ccavenue.com *.razorpay.com *.fonepaisa.com view.officeapps.live.com www.google.com use.fontawesome.com www.youtube-nocookie.com www.youtube.com; connect-src 'self' *.elitmus.com *.elitmus.net bam.nr-data.net sentry.elitmusmail.com *.google-analytics.com api.mixpanel.com wss:; font-src 'self' cdn.jsdelivr.net fonts.gstatic.com use.fontawesome.com https: data:; img-src 'self' blob: cdn0.elitmus.net *.amazonaws.com data: https: www.google.com *.google-analytics.com api.mixpanel.com; object-src 'self' *.amazonaws.com; script-src 'self' 'unsafe-inline' *.newrelic.com bam.nr-data.net cdn0.elitmus.net google-analytics.com api.mixpanel.com cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.js cdn.jsdelivr.net/momentjs/latest/moment.min.js cdn.ckeditor.com/4.11.3/full/ckeditor.js https: data:; style-src 'self' 'unsafe-inline' cdn0.elitmus.net use.fontawesome.com/releases/v5.0.6/css/all.css cdn.jsdelivr.net/bootstrap/3/css/bootstrap.css cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.css https:; report-uri /csp_reports 1
font-src *.ekomiapps.de *.googleapis.com *.gstatic.com https://280292-868812-raikfcquaxqncofqfm.stackpathdns.com/ data: fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://tr.snapchat.com/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.ekomiapps.de *.adyen.com *.google.com https://tr.snapchat.com/ https://www.emjcd.com/ https://vars.hotjar.com/ https://static-na.payments-amazon.com/ https://payments.amazon.com/  *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.cloudflare.com *.cloudfront.net *.doubleclick.com *.doubleclick.net *.ekomiapps.de *.klarna.com *.klaviyo.com *.googleadservices.com *.google-analytics.com *.paypal.com *.adyen.com *.twimg.com *.ytimg.com *.pinterest.com *.google.com https://280292-868812-raikfcquaxqncofqfm.stackpathdns.com/ https://bat.bing.com/ https://cdn.routeapp.io/ https://maps.googleapis.com/ https://shopper.shop.pe/ *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com *.amazon.com *.doubleclick.com *.ekomiapps.de *.googleapis.com *.klaviyo.com *.pinimg.com *.payments-amazon.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com https://280292-868812-raikfcquaxqncofqfm.stackpathdns.com/ https://static.criteo.net/ https://sc-static.net/ https://js-agent.newrelic.com/ https://bat.bing.com/ https://bam.nr-data.net/ https://sslwidget.criteo.com/ https://cdn.routeapp.io/ https://stats.g.doubleclick.net/ https://shop.pe/ https://shopper.shop.pe/ https://d3rr3d0n31t48m.cloudfront.net/ https://static.hotjar.com https://script.hotjar.com/ https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.ekomiapps.de *.googleapis.com *.gstatic.com https://280292-868812-raikfcquaxqncofqfm.stackpathdns.com/ fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.ekomiapps.de https://bam.nr-data.net/ *.amazon.com *.cloudflare.com *.paypal.com *.klaviyo.com *.pinterest.com *.google-analytics.com https://280292-868812-raikfcquaxqncofqfm.stackpathdns.com/ https://api.route.com/ https://shopper.shop.pe/ https://stats.g.doubleclick.net/ https://in.hotjar.com/ 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ca ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.ca *.spreadshirt.ca ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.ca ; font-src 'self' https: data: *.spreadshirt.ca ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ca ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ca ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.trustedshops.com *.googleapis.com *.fontawesome.com *.bootstrapcdn.com chat.totaltiles.co.uk 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.twitter.com *.google.com *.addthis.com *.reviews.co.uk 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com 'self' data: *.sagepay.co.uk 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.addthis.com z.moatads.com *.addthisedge.com apis.google.com *.reviews.co.uk graph.facebook.com widgets.pinterest.com chat.totaltiles.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com chat.totaltiles.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://totaltiles.co.uk/; report-to report-endpoint; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.deserres.ca www.googletagmanager.com *.google-analytics.com www.google.com www.booxi.com bat.bing.com *.hotjar.com  ajax.cloudflare.com www.googleadservices.com connect.facebook.net www.gstatic.com googleads.g.doubleclick.net wurfl.io js-agent.newrelic.com *.pinimg.com bam.nr-data.net *.googleapis.com *.signifyd.com ws1.postescanada-canadapost.ca ajax.cloudflare.com *.cloudmaestro.com woobox.com www.google-analytics.com www.youtube.com 1
string 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' connect.facebook.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com widget.intercom.io js.intercomcdn.com js.stripe.com production.wootric.com wootric-eligibility.herokuapp.com d27j601g4x0gd5.cloudfront.net cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net googleads.g.doubleclick.net www.google.com www.google.dk www.google.co.uk cdn.headwayapp.co consentcdn.cookiebot.com consent.cookiebot.com static.ads-twitter.com analytics.twitter.com static.hotjar.com script.hotjar.com www.gstatic.com www.redditstatic.com eligibility.wootric.com ipt app.wootric.com; report-uri https://elmahio.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; script-src 'self' www.google-analytics.com tagmanager.google.com www.googletagmanager.com maps.googleapis.com *.segmint.net *.bizographics.com cdn.timetrade.com *.youtube.com *.linkedin.com *.facebook.net *.facebook.com *.krxd.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' tagmanager.google.com www.googletagmanager.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: www.google-analytics.com *.google.com *.googletagmanager.com *.g.doubleclick.net maps.googleapis.com *.gstatic.com i.ytimg.com jwpltx.com products.gobankingrates.com *.facebook.com *.krxd.net *.agkn.com *.depositaccounts.com; connect-src 'self' www.google-analytics.com *.g.doubleclick.net *.segmint.net *.krxd.net; child-src 'self' tagmanager.google.com www.googletagmanager.com *.segmint.net *.timetrade.com *.timetradesystems.com www.fintactix.net appvault.com *.serversidegraphics.com us.personalcard.net *.fls.doubleclick.net *.krxd.net; frame-src 'self' tagmanager.google.com www.googletagmanager.com *.segmint.net *.timetrade.com *.timetradesystems.com www.fintactix.net *.appvault.com *.serversidegraphics.com us.personalcard.net *.fls.doubleclick.net *.krxd.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; report-uri /csp-report.do 1
default-src data: https: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /mixed-content-collector; 1
default-src 'self' blob:; script-src https://web.tamtam.chat https://www.googletagmanager.com/ https://www.google-analytics.com/ https://mc.yandex.ru/ blob: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://web.tamtam.chat 'unsafe-inline'; img-src https://api.mapbox.com https://*.mycdn.me https://*.ok.ru https://web.tamtam.chat https://www.google-analytics.com/ https://mc.yandex.ru/ https://stats.g.doubleclick.net/ https://*.tenor.com/ blob: data: 'self'; connect-src wss://*.tamtam.chat/websocket https://web.tamtam.chat https://*.mycdn.me/ https://ok.ru/web-api/tamtam https://mc.yandex.ru/ https://*.mapbox.com/ https://*.tenor.com/ https://ipapi.co/ 'self' blob:; media-src https://web.tamtam.chat https://*.mycdn.me https://*.ok.ru https://*.tenor.com blob: data:; report-uri /csp/report 1
font-src https://www.gstatic.com https://fonts.gstatic.com data: https://v2.zopim.com https://script.hotjar.com https://widgets.trustedshops.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://www.google.com https://secure.pay1.de https://vars.hotjar.com https://www.youtube.com https://www.facebook.com http://gum.criteo.com http://static.criteo.net http://st.smartassistant.com https://bid.g.doubleclick.net/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://www.google.com https://www.gstatic.com http://www.google.com https://www.googletagmanager.com https://sslwidget.criteo.com http://static.criteo.net https://widget.eu.criteo.com widgets.trustedshops.com https://connect.facebook.net https://secure.pay1.de https://cdn.klarna.com https://bat.bing.com https://www.dwin1.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://v2.zopim.com https://clientcdn.pushengage.com https://a.optmnstr.com https://amplify.outbrain.com https://ai.trk42.net https://static.zdassets.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com widgets.trustedshops.com https://mobilityhouse.pushengage.com https://maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.facebook.com *.api.trustedshops.com https://api.trustedshops.com https://shops-si.trustedshops.com https://trustbadge.api.etrusted.com https://ekr.zdassets.com wss://widget-mediator.zopim.com https://z.omappapi.com https://api.omappapi.com https://in.hotjar.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /mb_csp; report-to report-endpoint; 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/muralsyourway.com; 1
font-src fonts.gstatic.com use.typekit.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net js.braintreegateway.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net performance.typekit.net js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.nl ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.nl *.spreadshirt.nl ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.nl ; font-src 'self' https: data: *.spreadshirt.nl ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.nl ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.nl ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.com.br https://*.doubleclick.net https://*.tiny.com.br https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://*.mlstatic.com/ https://*.mLstatic.com/; font-src 'self' data: https://*.typekit.net https://*.gstatic.com https://*.googleadservices.com https://*.tiny.com.br https://*.mlstatic.com/ https://*.mLstatic.com/; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://*.mlstatic.com/ https://*.mLstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.googleadservices.com https://*.doubleclick.net https://*.gstatic.com http://*.googleadservices.com https://*.youtube.com https://*.ytimg.com https://developers.mercadolibre.com.ar/ https://event.getblue.io/ https://*.getblue.io/; child-src 'self' https://*.youtube.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.google.com.br https://*.gstatic.com https://*.googlesyndication.com https://*.tiny.com.br https://event.getblue.io https://tiny.com.br; frame-ancestors 'self' https://*.mercadoshops.com.br https://*.tiny.com.br; connect-src 'self' https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.doubleclick.net https://*.youtube.com; report-uri https://erp.tiny.com.br/webhook/csp/report_handler.php 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gaiadesign.com.mx *.cloudflare.com static.criteo.net *.richrelevance.com *.googleadservices.com *.s3.amazonaws.com s3.amazonaws.com *.criteo.com *.scarabresearch.com  www.magecredit.com *.googletagmanager.com *.google-analytics.com www.google.com staticw2.yotpo.com live.hullabalook.com gnogmedia.g2afse.com  static.zdassets.com *.facebook.net secure.comodo.com widgets.pinterest.com snap.licdn.com bat.bing.com *.taboola.com pixel.mathtag.com cdn.noibu.com js.hs-scripts.com v2.zopim.com js.hscollectedforms.net js.hs-banner.com js.hsadspixel.net js.hs-analytics.net js.usemessages.com *.g.doubleclick.net *.hotjar.com cdn.mndtrk.com *.kk-resources.com static.hsappstatic.net js-agent.newrelic.com bam.nr-data.net clk.solocpm.com widget-mediator.zopim.com www.paypalobjects.com www.paypal.com *.bayonet.io live.adyen.com *.cloudfront.net *.siftscience.com *.cloudmaestro.com api.openpay.mx ajax.googleapis.com pixel.cdnwidget.com platform.twitter.com apis.google.com assets.pinterest.com secure.comodo.net embed.typeform.com tm.tradetracker.net tpc.googlesyndication.com forms.hsforms.com js.hsforms.net 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.ng&source%5Bsection%5D=brochure&source%5Buuid%5D=8f79b96e0a2e990b2ab8e9a36d3012fe 1
default-src 'self' https://cdn.consentmanager.mgr.consensu.org; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://fonts.googleapis.com; img-src 'self' data: https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com; frame-src https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com; report-uri https://jenoptik.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: ; form-action 'none' data: ; report-uri /csp_report 1
font-src https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://widgets.trustedshops.com https://use.fontawesome.com data:; frame-src 'self' https://www.youtube-nocookie.com https://payments-amazon.de https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://*.payments-amazon.com https://*.amazon.com https://www.google.com https://disqus.com https://*.disquscdn.com https://www.facebook.com https://www.ekomi.de https://w.soundcloud.com https://button.aftership.com https://*.datatrans.com; img-src 'self' https://* * data:; script-src 'self' https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://*.google-analytics.com *.google-analytics.com https://code.jquery.com https://oss.maxcdn.com https://cdnjs.cloudflare.com https://bat.bing.com https://*.intelliad.de https://*.payments-amazon.com https://*.amazon.com https://payments.amazon.de https://payments.amazon.fr https://payments.amazon.it https://payments.amazon.es https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://*.disquscdn.com https://*.disqus.com https://disqus.com https://widgets.trustedshops.com https://*.aftership.com https://apis.google.com https://*.datatrans.com https://cdn.jsdelivr.net/npm/canvas-confetti@0.5.0/ https://feedback.shopvote.de https://media2.supermagnete.de https://www.supermagnete.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://fonts.googleapis.com https://widgets.trustedshops.com https://use.fontawesome.com https://*.disquscdn.com https://www.google.com/uds/ https://feedback.shopvote.de https://media2.supermagnete.de https://www.supermagnete.de 'unsafe-inline' data:; report-uri https://supermagnete.report-uri.com/r/d/csp/reportonly; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src 'self' https://stream.klgd.ru rtmp://stream.klgd.ru; report-uri /csp-report 1
default-src 'none'; font-src fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com data: *.nlm.nih.gov; connect-src google-analytics.com siteintercept.qualtrics.com stats.g.doubleclick.net *.nlm.nih.gov; frame-src platform.twitter.com www.google.com; img-src 'self' data: www.google-analytics.com www.googletagmanager.com gtrk.s3.amazonaws.com stats.g.doubleclick.net co1.qualtrics.com; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' *.nlm.nih.gov ajax.googleapis.com siteintercept.qualtrics.com www.google-analytics.com dap.digitalgov.gov www.googletagmanager.com code.jquery.com *.cloudfront.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com *.nlm.nih.gov code.jquery.com cdn.datatables.net; upgrade-insecure-requests; report-uri https://nlmoccs.report-uri.com/r/d/csp/reportOnly 1
default-src 'none';   script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com     https://script.hotjar.com https://connect.facebook.net https://static.hotjar.com     https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js     https://www.googletagmanager.com https://www.google-analytics.com *.hotjar.com     http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js;   connect-src 'self' https://vc.hotjar.io https://in.hotjar.com https://insights.hotjar.com     https://www.google-analytics.com https://stats.g.doubleclick.net;   font-src 'self' data:;   worker-src 'self' blob: data:;   img-src 'self' data: https://www.linkedin.com https://www.facebook.com https://p.adsymptotic.com     https://www.google.com http://t.co https://px.ads.linkedin.com https://t.co https://www.google-analytics.com     https://stats.g.doubleclick.net/r/collect;   style-src 'self' 'unsafe-inline' data: https://seesparkbox.com http://afeld.github.io/emoji-css/emoji.css     https://cloud.typography.com/655912/6152352/css/fonts.css;   frame-src 'self' https://vars.hotjar.com;   media-src data:;   report-uri https://sparkbox.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.ph&source%5Bsection%5D=brochure&source%5Buuid%5D=fccb0323d740b9e99a6ada5d47437d37 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com video.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src https: 'unsafe-inline' 1
report-uri /csp-reports/; default-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; connect-src 'self' https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://*.pndsn.com https://pubsub.pubnub.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://stats.g.doubleclick.net https://api.hsforms.com https://www.facebook.com https://jsd-widget.atlassian.com https://mgas.prod.public.atl-paas.net; font-src 'self' https://production-trackbill.netdna-ssl.com https://fonts.gstatic.com https://static.hsappstatic.net; frame-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net https://www.youtube.com https://connect.facebook.net; img-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://mozilla.github.io https://static.hsappstatic.net https://track.hubspot.com https://hubspot-avatars.s3.amazonaws.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://certify.alexametrics.com https://d5nxst8fruw4z.cloudfront.net data: blob:; media-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; object-src 'self' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://code.jquery.com https://mozilla.github.io https://app.hubspot.com https://static.hsappstatic.net https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-scripts.com https://bam.nr-data.net https://connect.facebook.net https://www.google-analytics.com https://d31qbv1cthcecs.cloudfront.net https://www.googletagmanager.com https://js-agent.newrelic.com https://mgas.prod.public.atl-paas.net https://jsd-widget.atlassian.com; style-src 'self' 'unsafe-inline' https://trackbill.com https://*.trackbill.com https://production-trackbill.netdna-ssl.com https://code.jquery.com https://mozilla.github.io https://static.hsappstatic.net https://www.google-analytics.com https://fonts.googleapis.com; child-src 'self' https://trackbill.com https://*.trackbill.com https://app.hubspot.com https://mozilla.github.io https://d31qbv1cthcecs.cloudfront.net; form-action 'self' https://trackbill.com https://*.trackbill.com https://connect.facebook.net; frame-ancestors 'none'; plugin-types application/pdf; 1
default-src 'self' *.worlddancesport.org www.google-analytics.com staticxx.facebook.com; font-src 'self' data: cdnw.worlddancesport.org fonts.gstatic.com; connect-src 'self' clients6.google.com dc.services.visualstudio.com *.addthis.com www.google-analytics.com stats.g.doubleclick.net; style-src 'unsafe-inline' *.worlddancesport.org www.google.com browser-update.org; img-src data: *.worlddancesport.org *.ytimg.com *.facebook.com *.google.com *.calameoassets.com *.vimeocdn.com *.gstatic.com stats.g.doubleclick.net www.google-analytics.com www.googleapis.com browser-update.org; script-src 'self' 'unsafe-inline' cdnw.worlddancesport.org az416426.vo.msecnd.net *.facebook.com *.facebook.net *.twitter.com *.addthis.com *.addthisedge.com *.google.com www.googleapis.com www.google-analytics.com browser-update.org; child-src 'self' cdnb.worlddancesport.org *.facebook.com *.twitter.com *.addthis.com *.google.com www.youtube.com player.vimeo.com www.saferpay.com; upgrade-insecure-requests; report-uri https://7ab93b867c81f64df54af5d5e2cd45ea.report-uri.com/r/d/csp/reportOnly 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.driftt.com https://*.facebook.net https://*.twitter.com https://js.hscta.net https://*.hubspot.com https://www.googletagmanager.com https://js.hs-scripts.com https://*.hsforms.net https://*.hsforms.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsleadflows.net https://code.jquery.com https://www.google-analytics.com https://*.googleapis.com https://*.linkedin.com https://js.hs-banner.com https://snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://js.hsadspixel.net https://*.greenhouse.io https://*.jsdelivr.net https://d10lpsik1i8c69.cloudfront.net;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cdnjs.cloudflare.com https://cdn2.hubspot.net https://static.hsappstatic.net https://d10lpsik1i8c69.cloudfront.net;img-src 'self' data: https:;connect-src 'self' https://forms.hubspot.com https://cdn.contentful.com https://*.daml.com https://www.google-analytics.com https://api.sitesearch360.com https://cp.hubspot.com https://api.hubapi.com https://cdn2.hubspot.net https://p.adsymptotic.com https://*.hsforms.com https://*.daml.com https://daml.com https://*.luckyorange.net wss://*.visitors.live;font-src 'self' data: https://*.digitalasset.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;object-src 'self';frame-src 'self' https://*.driftt.com/ https://*.hsforms.com https://player.vimeo.com https://*.daml.com https://platform.twitter.com https://bid.g.doubleclick.net https://*.jsdelivr.net https://*.greenhouse.io;manifest-src 'self';report-uri https://report-uri.digitalasset.com/report-uri;upgrade-insecure-requests 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com api-public.addthis.com connect.facebook.net apps.elfsight.com *.elfsight.com m.addthis.com www.google-analytics.com www.gstatic.com v1.addthisedge.com s7.addthis.com www.google-analytics.com www.google.com z.moatads.com static.elfsight.com gstatic.com 1
default-src 'self' *.garbanzo.io *.staging.garbanzo.io *.garbanzo.test; img-src 'self' data: *.facebook.com *.google-analytics.com *.garbanzo.io *.staging.garbanzo.io *.garbanzo.test; style-src 'self' 'unsafe-inline'; script-src 'sha256-JA0jazI9/CI9uZAMdNOtI/+bw1X+qVJrfwv136uCCH0=' 'self' 'self' 'report-sample' *.stripe.com *.facebook.net *.google-analytics.com *.cloudflareinsights.com; connect-src 'self' *.algolianet.com *.algolia.net *.sentry.io *.google-analytics.com *.garbanzo.io *.staging.garbanzo.io *.garbanzo.test *.facebook.com https://garbanzo.sfo2.cdn.digitaloceanspaces.com; frame-src *.facebook.com *.stripe.com; report-uri https://api.staging.garbanzo.io/api/csp-reports 1
script-src 'self' 'unsafe-eval' 'unsafe-inline'              *.facebook.net             *.pinterest.com             *.typekit.net             *.twitter.com                                                 https://*.aimbase.com                                                  https://www.youtube.com/player_api                                                  https://www.google.com/recaptcha/                                                 http://www.google.com/jsapi                                                  https://*.google-analytics.com                                                  https://www.googleservices.com              https://www.googleadservices.com                                                 https://www.google.com/jsapi                                                  https://www.googletagmanager.com                                                  https://maps.googleapis.com                                                  https://code.jquery.com             https://optanon.blob.core.windows.net              https://*.msecnd.net             https://bat.bing.com/bat.js             https://*.cloudfront.net             https://cdn.mouseflow.com             https://www.gstatic.com             https://*.doubleclick.net;      style-src 'self' 'unsafe-inline'              https://fonts.googleapis.com              https://optanon.blob.core.windows.net              https://www.google.com; 1
font-src 'self' https://*.kxcdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.kxcdn.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://includes.ccdc02.com/cardinalcruise/ https://js.braintreegateway.com https://songbird.cardinalcommerce.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.kxcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; child-src 'self' https://staticxx.facebook.com https://bid.g.doubleclick.net; img-src 'self' data: https:; report-uri /api/v0.1.0/security-report/csp; connect-src 'self' https:; object-src 'self' https://*.kxcdn.com; default-src 'self'; frame-src 'self' https://*.cardinalcommerce.com https://*.kxcdn.com https://assets.braintreegateway.com https://bid.g.doubleclick.net https://checkout.paypal.com https://connect.facebook.net https://staticxx.facebook.com https://www.facebook.com 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: ; report-uri https://csp.scran.ac.uk/scran-live; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://cdn.syndication.twimg.com https://www.google-analytics.com https://www.googletagmanager.com https://siteimproveanalytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://www.google-analytics.com https://www.googletagmanager.com https://siteimproveanalytics.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.provincie-utrecht.nl/report-uri/reportOnly 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1
form-action 'none'; frame-ancestors 'none'; report-uri https://devbridgesecurityteam.report-uri.com/r/d/csp/reportOnly 1
default-src self; script-src 'self' 'unsafe-inline'  'unsafe-eval'  https://*.googleapis.com  http://www.google-analytics.com  https://www.google-analytics.com  http://www.googletagmanager.com http://cdn.jsdelivr.net http://d2wutcmzxutplq.cloudfront.net; object-src 'self' http://d2wutcmzxutplq.cloudfront.net; style-src 'self'  'unsafe-inline'  https://*.googleapis.com http://www.google-analytics.com https://www.google-analytics.com http://cdn.jsdelivr.net  http://d2wutcmzxutplq.cloudfront.net; img-src 'self' http://www.google-analytics.com http://d2wutcmzxutplq.cloudfront.net https://stats.g.doubleclick.net; media-src 'self' http://d2wutcmzxutplq.cloudfront.net; frame-src 'self'; child-src 'self'; font-src 'self'  'unsafe-inline'  https://fonts.googleapis.com  http://www.google-analytics.com http://cdn.jsdelivr.net http://d2wutcmzxutplq.cloudfront.net; connect-src 'self'  'unsafe-inline'  https://*.googleapis.com   http://www.google-analytics.com https://www.google-analytics.com; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com at1.listrakbi.com services.xg4ken.com www.res-x.com www.googleadservices.com cdn.searchspring.net ash.creativecdn.com nsg.symantec.com static-na.payments-amazon.com edge1.certona.net www.googlecommerce.com s1.listrakbi.com connect.facebook.net bat.bing.com maps.googleapis.com apis.google.com cdn.listrakbi.com www.google-analytics.com seal.websecurity.norton.com seal-chicago.bbb.org us.creativecdn.com assets.pinterest.com googleads.g.doubleclick.net s.pinimg.com trk.cotterweb.net www.shopzilla.com autocomplete2.searchspring.net www.googletagmanager.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.googleapis.com cdn.searchspring.net cdn.honey.io cdn.listrakbi.com mediacdn.espssl.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com mediacdn.espssl.com cdn.honey.io; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: stats.g.doubleclick.net bat.bing.com api.zippopotam.us apay-us.amazon.com www.facebook.com payments.amazon.com onsite-api.listrak.com www.google.com product.listrakbi.com www.google-analytics.com beacon.searchspring.io oc.listrakbi.com ct.pinterest.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com tpc.googlesyndication.com assets.pinterest.com bid.g.doubleclick.net ash.creativecdn.com www.google.ca nsg.symantec.com www.facebook.com payments.amazon.com static-na.payments-amazon.com ct.pinterest.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: mediacdn.espssl.com www.google.com s3.amazonaws.com www.facebook.com d3cgm8py10hi0z.cloudfront.net log.pinterest.com sca1.listrakbi.com connect.facebook.net www.google.ca 5123.xg4ken.com www.google-analytics.com ct.pinterest.com d2ldlvi1yef00y.cloudfront.net seal.websecurity.norton.com seal-chicago.bbb.org assets.pinterest.com cj.dotomi.com secure.gravatar.com rd.connexity.net s1.listrakbi.com cdn.honey.io api.searchspring.net maps.gstatic.com nsg.symantec.com www.bizrate.com; form-action  www.giftsforyounow.com www.paypal.com www.facebook.com apay-us.amazon.com customers.listrak.com ct.pinterest.com payments.amazon.com; report-uri /csp_report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.nz&source%5Bsection%5D=brochure&source%5Buuid%5D=c5fbf906c876af489af6d7eb74a932eb 1
frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 1
font-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src data: js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=emimino 1
child-src 'self'; connect-src 'self' data: https://*.cloudflare.com https://*.google-analytics.com https://*.googleapis.com https://*.hotjar.com https://*.hotjar.io https://bit4coin.net wss://*.hotjar.com; default-src 'self' *.ravenjs.com; font-src 'self' data: https://*.fontawesome.com https://*.gstatic.com https://unpkg.com; frame-src 'self' data: http://*.google.com https://*.cloudfront.net https://*.google.com https://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://*.google.com https://*.bitbond.com https://*.cloudfront.net https://*.eu-central-1.amazonaws.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.webflow.com; manifest-src 'self'; media-src 'self' data:; object-src 'self' https://*.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.google.com https://*.bitbond.com https://*.cloudflare.com https://*.cloudfront.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.hotjar.com https://*.newrelic.com https://*.nr-data.net https://unpkg.com wss://*.hotjar.com; style-src 'self' 'unsafe-inline' http://*.google.com https://*.bitbond.com https://*.cloudflare.com https://*.cloudfront.net https://*.fontawesome.com https://*.google.com https://*.googleapis.com https://unpkg.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_e1d179bd309a456abc36313a51dfc009 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com acsbap.com 'self' data: *.bigmarker.com *.freshchat.com *.afterpay.com *.acsbapp.com acsbapp.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com *.attn.tv *.livechatinc.com *.youtube.com *.doubleclick.net *.signifyd.com *.online-metrix.net *.borderfree.com *.google.com *.freshchat.com *.bounceexchange.com www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.searchspring.net *.borderfree.com *.bazaarvoice.com *.attentivemobile.com *.livechatinc.com acsbap.com *.attn.tv *.bing.com *.doubleclick.net *.curalate.com *.signifyd.com *.online-metrix.net *.google.com *.trackedlink.net *.googleusercontent.com *.bigmarker.com *.gravatar.com *.cloudfront.net *.freshchat.com *.afterpay.com *.afterpay.com.au *.bouncex.net *.bounceexchange.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com data: *.gstatic.com *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.searchspring.net *.borderfree.com *.bazaarvoice.com *.bing.com *.livechatinc.com *.doubleclick.net acsbap.com *.trackedlink.net *.attn.tv *.curalate.com *.signifyd.com *.googleapis.com *.google.com *.bigmarker.com *.freshchat.com *.afterpay.com *.wknd.ai *.bounceexchange.com *.acsbapp.com acsbapp.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net connect.facebook.net twitter.com platform.twitter.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ display.ugc.bazaarvoice.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.fonts.net *.bootstrapcdn.com *.searchspring.net *.borderfree.com *.bazaarvoice.com *.bigmarker.com *.freshchat.com *.afterpay.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.cardinalcommerce.com *.bing.com *.acsbap.com *.curalate.com *.google-analytics.com *.bazaarvoice.com *.borderfree.com *.signifyd.com *.authorize.net *.attn.tv *.doubleclick.net *.afterpay.com *.bouncex.net *.acsbapp.com acsbapp.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://d492fa440c9db5c4abd4ccfcfb8e4f4c.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' *.typekit.net *.google.com *.gstatic.com *.marshmma.com *.cloudinary.com *.wistia.net *.cloudflare.com *.jsdelivr.net *.google-analytics.com *.googletagmanager.com *.trustarc.com 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.es ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.es *.spreadshirt.es ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.es ; font-src 'self' https: data: *.spreadshirt.es ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.es ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.es ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: http://geo.nls.uk ; font-src https: data: ; report-uri https://csp.rcahms.gov.uk/canmore-live ; 1
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://*.google-analytics.com *.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://www.googletagmanager.com www.googletagmanager.com https://*.hotjar.com:* *.hotjar.com:* https://*.hotjar.io *.hotjar.io; font-src 'self' https://*.hotjar.com *.hotjar.com https://*.hotjar.io *.hotjar.io; form-action 'self'; frame-ancestors 'self'; frame-src https://*.youtube.com *.youtube.com https://*.vimeo.com *.vimeo.com https://*.hotjar.com:* *.hotjar.com:* https://*.hotjar.io *.hotjar.io https://staticcdn.co.nz; img-src 'self' https://api.swiftype.com api.swiftype.com https://*.google-analytics.com *.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://www.googletagmanager.com www.googletagmanager.com https://*.hotjar.com:* *.hotjar.com:* https://*.hotjar.io *.hotjar.io https://staticcdn.co.nz blob: data:; media-src https://*.youtube.com *.youtube.com https://*.vimeo.com *.vimeo.com; object-src 'none'; script-src 'self' https://api.swiftype.com api.swiftype.com https://*.google-analytics.com *.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://*.googletagmanager.com *.googletagmanager.com https://www.googletagmanager.com www.googletagmanager.com https://www.youtube.com www.youtube.com https://s.ytimg.com s.ytimg.com https://*.hotjar.com:* *.hotjar.com:* https://*.hotjar.io *.hotjar.io https://*.static.hotjar.com *.static.hotjar.com https://*.gstatic.com *.gstatic.com 'nonce-NTEzYzY4MzcyMjdkZjkyZDkyODg4NjE5NTE3MjBlNWJkZmU5MTNkMTU0MWIyNDE4Y2RhN2I5OTk0YjNjYTAyM2IwMTFkZTQxMzU2OGJkZDYxNmQ4ZWM0ZThlMDFlZmZlNjQ1MzQ2ZGI2NDRkNDRkOTE4NDhmMmI0YmVhNjhiMDQ=' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; report-uri https://report-to-api.raygun.com/reports-csp?apikey=weTLotI0TZaW1Epw9XXRUg; upgrade-insecure-requests 1
default-src 'self' https://www.viewpointmag.com; require-sri-for script 1
default-src 'self' blob:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://themes.googleusercontent.com https://wcdn.3cx.com https://wstatic.3cx.com https://d20hvw4zeymqbm.cloudfront.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wcdn.3cx.com https://wstatic.3cx.com https://www.googletagmanager.com https://d20hvw4zeymqbm.cloudfront.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com  https://login.3cx.com	 https://www.google-analytics.com https://ct.capterra.com tpc.googlesyndication.com pagead2.googlesyndication.com https://ssl.geoplugin.net https://services.3cx.com https://ajax.googleapis.com https://connect.facebook.net https://maps.googleapis.com www.gstatic.com;object-src 'none';img-src * data: blob:;connect-src 'self' https://wcdn.3cx.com https://wstatic.3cx.com https://webapi.3cx.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net sipcy.3cx.com www.facebook.com translate.googleapis.com;child-src 'self' https://www.youtube.com blob:; frame-src 'self' https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.youtube.com https://www.googletagmanager.com; block-all-mixed-content; report-uri /csp/; 1
default-src 'self' 'unsafe-inline' fontplus.jp *.fontplus.jp www.google-analytics.com www.googletagmanager.com *.sibulla.com www.w3.org https://s3-ap-northeast-1.amazonaws.com/fontplus-wa/; font-src 'self' https://* blob: data:; img-src https://* blob: data:; 1
connect-src 'self' https://createsend.com; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.twitter.com; img-src 'self' data: https://*.twimg.com https://*.twitter.com platform.twitter.com https://www.google-analytics.com https://stats.g.doubleclick.net; report-uri /report-csp-violation; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ieep.createsend.com https://www.google-analytics.com/analytics.js https://*.twitter.com https://*.twimg.com https://js.createsend1.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com platform.twitter.com https://*.twimg.com; 1
style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' bat.bing.com www.gstatic.com s.adroll.com d.adroll.com connect.facebook.net googleapis.com www.google-analytics.com www.googletagmanager.com; report-uri https://csp.withgoogle.com/csp/webpass/20191113_experiment 1
default-src 'self' 'unsafe-inline' data: *.csbs.org *.googleapis.com *.gstatic.com *.googleusercontent.com *.google.com *.addtoany.com *.twitter.com *.twimg.com *.dayforcehcm.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.google-analytics.com *.doubleclick.net *.youtube.com *.cld.bz *.tableau.com  *.powerbi.com *.soundcloud.com soundcloud.com govmatters.tv youtu.be *.hotjar.com; report-uri /report-csp-violation 1
report-uri https://csp-receiver.booking.com/csp_violation?type=report&tag=112&pid=7d065f7660dc00c0&e=UmFuZG9tSVYkc2RlIyh9YRSKMlvRDsSPR3o5_Jvtkc_mtey2dMo6U8gwP4RakpmZ&f=2&s=0; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; object-src 'self'; child-src 'self'; frame-ancestors 'self'  1
connect-src 'self' https://s.yimg.com https://rtr.innovid.com https://*.yahoo.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://*.yahoo.net https://ad.doubleclick.net; style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; img-src 'self' data: blob: about: https://*.yimg.com https://*.yahoo.com https://sb.scorecardresearch.com https://*.doubleclick.net https://*.adsafeprotected.com https://*.googlesyndication.com; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=IN&lang=en-IN&device=desktop&yrid=8ipni7lfmr6qg&partner=; 1
default-src 'self'; base-uri 'self'; connect-src 'self' bam.nr-data.net sentry.io *.freshworksapi.com wss://*.freshworksapi.com www.google-analytics.com heapanalytics.com www.in-freshbots.ai *.pusher.com; font-src 'self' d2kkxpr90r7bn1.cloudfront.net d1sckjqmjceuzg.cloudfront.net d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d19xna7hjw3pa8.cloudfront.net d124jz4vokxtqd.cloudfront.net d28y7gk8dndm8e.cloudfront.net maxcdn.bootstrapcdn.com fonts.gstatic.com data:; frame-src 'self' *.webpush.freshchat.com *.freshreports.com wchat.freshchat.com *.freshid.io *.freshworks360.io *.chargebee.com *.myfreshworks.dev *.freshworksweb.com freshdesk.com *.freshworks.com *.int.myfreshworks.dev; img-src 'self' *.freshworks.com d2kkxpr90r7bn1.cloudfront.net d1sckjqmjceuzg.cloudfront.net d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d19xna7hjw3pa8.cloudfront.net d124jz4vokxtqd.cloudfront.net d28y7gk8dndm8e.cloudfront.net *.freshid.io www.google-analytics.com data: *.freshworksapi.com *.freshworks360.io *.myfreshworks.dev freshrelease-public-assets.s3.us-east-1.amazonaws.com blob: heapanalytics.com cdn.in-freshbots.ai cdn.freshbots.ai; manifest-src 'self'; media-src 'self' https:; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-eval' accounts.freshworks.com bam.nr-data.net d2kkxpr90r7bn1.cloudfront.net d1sckjqmjceuzg.cloudfront.net d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d19xna7hjw3pa8.cloudfront.net d124jz4vokxtqd.cloudfront.net d28y7gk8dndm8e.cloudfront.net js-agent.newrelic.com polyfill.io wchat.freshchat.com sentry.io js.chargebee.com www.google-analytics.com *.freshworksapi.com heapanalytics.com *.heapanalytics.com cdn.in-freshbots.ai stats.pusher.com; style-src 'report-sample' 'self' 'unsafe-inline' accounts.freshworks.com d2kkxpr90r7bn1.cloudfront.net d1sckjqmjceuzg.cloudfront.net d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d19xna7hjw3pa8.cloudfront.net d124jz4vokxtqd.cloudfront.net d28y7gk8dndm8e.cloudfront.net wchat.freshchat.com cdn.in-freshbots.ai; worker-src blob:; report-uri https://vfm4r1o44m.execute-api.us-east-1.amazonaws.com/default/FreshreleaseCSPReport 1
default-src 'self';base-uri 'self' https://*.microsoft.com https://*.skype.com;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.azure.net https://*.s-microsoft.com https://*.ytimg.com https://www.youtube.com https://*.microsoft.com https://*.skypeassets.com https://*.clicktale.net https://*.wx-int.trafficmanager.net https://*.wx-int.skype.com https://*.skype.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net https://connect.facebook.net/;style-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://*.skype.com https://*.skypeassets.com https://*.microsoft.com https://*.s-microsoft.com https://statics-uhf-eus.akamaized.net https://statics-uhf-neu.akamaized.net https://statics-uhf-wus.akamaized.net https://statics-uhf-eas.akamaized.net https://*.msecnd.net;img-src 'self' data: blob: https://docs.botframework.com https://bot-framework.azureedge.net https://*.skype.com https://*.skypeassets.com https://c.microsoft.com https://*.clicktale.net https://*.microsoft.com https://img-prod-cms-rt-microsoft-com.akamaized.net https://www.facebook.com https://*.msecnd.net https://ad.doubleclick.net https://adservice.google.com;font-src data: https://*.skypeassets.com https://*.s-microsoft.com https://*.microsoft.com https://assets.onestore.ms https://*.skype.com https://fonts.gstatic.com;media-src 'self' data: blob: https://*.skypeassets.com https://*.skype.com;connect-src https://*.skype.com https://*.clicktale.net https://*.microsoft.com https://*.live.com https://*.skypeassets.com wss://*.trouter.skype.com https://web.vortex.data.microsoft.com https://prod-video-cms-rt-microsoft-com.akamaized.net https://eus-streaming-video-rt-microsoft-com.akamaized.net https://wus-streaming-video-rt-microsoft-com.akamaized.net;object-src 'none';frame-ancestors 'none';frame-src 'self' https://*.microsoft.com https://*.skype.com https://*.live.com https://www.youtube.com;form-action https://login.skype.com;report-uri https://edge.skype.com/r/c; 1
default-src 'self' data: blob: *.bailliegifford.com https://d2yo5j8385mod6.cloudfront.net http://video.bailliegifford.com https://diny04oi6alqe.cloudfront.net https://d1jbu16z788zgx.cloudfront.net https://*.gstatic.com https://*.googleapis.com https://www.google.com https://servedby.flashtalking.com https://js.maxmind.com https://geoip-js.maxmind.com https://*.typekit.net *.mktoresp.com https://rs.fullstory.com https://*.cookiebot.com/ https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bailliegifford.com data: blob: *.typekit.net https://*.typekit.net https://snap.licdn.com/li.lms-analytics/insight.min.js munchkin.marketo.net http://app-lon09.marketo.com/ https://d1jbu16z788zgx.cloudfront.net https://diny04oi6alqe.cloudfront.net www.googletagmanager.com www.google-analytics.com https://*.google.com https://www.gstatic.com https://maps.googleapis.com https://*.googleapis.com http://4a3dbfdd6470b7f43a03-1ec0805dd88c137a7d9b221342ef4c8b.r63.cf1.rackcdn.com http://pixel.quantserve.com https://secure.quantserve.com http://rules.quantcount.com ssl.p.jwpcdn.com p.jwpcdn.com https://js.maxmind.com https://geoip-js.maxmind.com https://fullstory.com https://js.hs-scripts.com/5368402.js https://js.hs-analytics.net/analytics/ https://*.cookiebot.com/ http://tagmanager.google.com https://static.cloudflareinsights.com/beacon.min.js; style-src 'self' *.bailliegifford.com 'unsafe-inline' https://d1jbu16z788zgx.cloudfront.net https://diny04oi6alqe.cloudfront.net https://*.typekit.net http://app-lon09.marketo.com/js/forms2/css/forms2-theme-simple.css http://app-lon09.marketo.com/js/forms2/css/forms2.css https://*.googleapis.com https://tagmanager.google.com; img-src 'self' *.bailliegifford.com data: https://*.typekit.net https://d2yo5j8385mod6.cloudfront.net https://diny04oi6alqe.cloudfront.net https://d1jbu16z788zgx.cloudfront.net https://stats.g.doubleclick.net https://px.ads.linkedin.com/ https://www.linkedin.com/px/ https://*.gstatic.com https://*.googleapis.com *.bailliegifford.com jwpltx.com www.google-analytics.com https://bglivemedia.blob.core.windows.net https://geo0.ggpht.com/cbk http://pixel.quantserve.com https://pixel.quantserve.com https://track.hubspot.com/__ptq.gif https://www.google.com https://www.googletagmanager.com https://rs.fullstory.com https://www.google.co.uk; frame-ancestors 'self'; media-src 'self' *.bailliegifford.com https://www.bailliegifford.com https://bglivemedia.blob.core.windows.net https://d1jbu16z788zgx.cloudfront.net https://d2yo5j8385mod6.cloudfront.net https://diny04oi6alqe.cloudfront.net blob: *.bailliegifford.com;  font-src 'self' *.bailliegifford.com data: https://*.typekit.net http://*.typekit.net https://diny04oi6alqe.cloudfront.net https://fonts.gstatic.com ssl.p.jwpcdn.com; object-src 'self' ssl.p.jwpcdn.com; frame-src https://*.bailliegifford.com http://www.googletagmanager.com https://www.google.com/recaptcha/ https://servedby.flashtalking.com https://5358203.fls.doubleclick.net https://9001729.fls.doubleclick.net/ https://d14ed0t47z3981.cloudfront.net https://d1jbu16z788zgx.cloudfront.net https://*.cookiebot.com/; report-uri https://bailliegifford.report-uri.com/r/d/csp/reportOnly; 1
base-uri 'none'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'nonce-707878dd-268'; object-src 'self'; img-src 'self' *.regenwald.org data:; connect-src 'self'; block-all-mixed-content; report-uri /csp-violation-report/707878dd-268 1
default-src https:; connect-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
connect-src wss://*.tawk.to *.tawk.to; default-src 'unsafe-inline' wss://*.tawk.to data www.google-analytics.com; style-src 'unsafe-eval' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval'; script-src-elem data 'unsafe-inline'; style-src-attr 'unsafe-inline'; script-src-attr 'unsafe-inline'; font-src data; img-src data; style-src-elem 'unsafe-inline' report-uri https://spryservers.report-uri.com/r/d/csp/wizard 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://security-hub.vaimo.network/api/v2/content-security-policy; report-to report-endpoint; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com *.sharethis.com www.googleadservices.com *.google-analytics.com www.reddittstatic.com s3.amazonaws.com *.paypal.com connect.facebook.net *.pinimg.com www.youtube.com googleads.g.doubleclick.net *.ytimg.com static.doubleclick.net www.bookshark.com www.googleadservices.com js.braintreegateway.com www.paypalobjects.com *.google.com www.paypal.com www.gstatic.com 1
frame-ancestors 'self'; default-src 'self' https:; script-src 'report-sample' 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline' data:; img-src 'self' https: data:; report-uri https://concordia.report-uri.com/r/d/csp/reportOnly; 1
script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' www.google.com seal.digicert.com ajax.googleapis.com a.optmnstr.com www.googletagmanager.com tpc.googlesyndication.com js.stripe.com cdn001.milotree.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net pixel-geo.prfct.co s.pinimg.com script.hotjar.com ssl.p.jwpcdn.com static.hotjar.com tag.marinsm.com www.google-analytics.com www.googleadservices.com www.shopperapproved.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src https: data:; font-src 'self' data: script.hotjar.com static.hotjar.com fonts.gstatic.com ssl.p.jwpcdn.com; connect-src 'self' api.stripe.com prd.jwpltx.com www.facebook.com vc.hotjar.io a.mstrlytcs.com z.opmnstr.com api.optmnstr.com api.opmnstr.com fps.ezdrm.com ct.pinterest.com in.hotjar.com www.google.dk www.google.com.vn www.google.com.pk www.google.com.my www.google.com.kw www.google.co.za www.google.co.ke www.google.co.in www.google.bs www.google.ca www.google.co.in www.google.co.uk www.google.com.au www.google.com.fj www.google.com.ph www.google.com.sa www.google.es www.google.fi www.google.fr www.google.no www.google.se graylog.hotjar.com playready.ezdrm.com *.vimeocdn.com stats.g.doubleclick.net www.google-analytics.com player.vimeo.com *.akamaized.net www.google.com wss://*.hotjar.com insights.hotjar.com *.calcworkshop.com widevine-dash.ezdrm.com; media-src blob: cws.freetls.fastly.net *.calcworkshop.com *.akamaized.net *.vimeocdn.com player.vimeo.com; frame-src 'self' vimeo.com www.googletagmanager.com tpc.googlesyndication.com g.jwpsrv.com js.stripe.com www.youtube.com player.vimeo.com connect.facebook.net cdn001.milotree.com bid.g.doubleclick.net vars.hotjar.com www.facebook.com; form-action 'self' connect.facebook.net www.facebook.com; report-uri https://calcworkshop.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.slachtofferhulp.nl apps.mypurecloud.com dhqbrvplips7x.cloudfront.net *.gstatic.com fonts.googleapis.com vimeo.com *.vimeo.com *.typekit.net *.hotjar.com wss://*.hotjar.com dc.services.visualstudio.com *.vo.msecnd.net www.googletagmanager.com *.google.com *.google.nl googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com; report-uri https://slachtofferhulp.report-uri.com/r/d/csp/reportOnly 1
script-src 'nonce-2hVWh0WJD68VtEZ_VTh8PQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com media.qcsupply.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.affirm.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.olark.com *.google.com *.affirm.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.vimeo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com 'self' data: *.symantec.com *.bootstrapcdn.com *.olark.com *.gstatic.com *.googleapis.com media.qcsupply.com *.groupbycloud.com *.google.com *.google.com.ua *.facebook.net *.facebook.com *.doubleclick.net *.g.doubleclick.net *.bing.com i.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.groupbycloud.com *.google.com *.olark.com static.olark.com *.symantec.com *.mouseflow.com chimpstatic.com *.affirm.com *.qcsupply.com *.gstatic.com *.googleapis.com media.qcsupply.com *.googletagmanager.com *.facebook.net *.bing.com *.doubleclick.net *.vimeocdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.olark.com *.bootstrapcdn.com *.googleapis.com media.qcsupply.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.olark.com *.affirm.com *.groupbycloud.com *.mouseflow.com media.qcsupply.com *.google-analytics.com *.facebook.com *.bing.com *.doubleclick.net *.g.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /iwd_csp/report/log; report-to report-endpoint; 1
default-src 'self' https://cdn.performanceplustire.com https://www.performanceplustire.com; connect-src *.performanceplustire.com https://*.affirm.com https://d38nbbai6u794i.cloudfront.net https://e1.fanplayr.com https://js.callrail.com https://stats.g.doubleclick.net https://tracker.affirm.com https://w1.fanplayr.com https://www.facebook.com https://www.google-analytics.com https://www.iconfigurators.com; font-src *.performanceplustire.com data: https://assets.resultspage.com https://cdn1.affirm.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://sxt.cdn.skype.com; frame-src *.performanceplustire.com https://bid.g.doubleclick.net https://connect.facebook.net https://e1.fanplayr.com https://maps.google.com https://s.thebrighttag.com https://www.facebook.com https://www.googleadservices.com http://www.youtube.com https://www.youtube.com; child-src *.performanceplustire.com https://bid.g.doubleclick.net https://connect.facebook.net https://e1.fanplayr.com https://maps.google.com https://s.thebrighttag.com https://www.facebook.com https://www.googleadservices.com http://www.youtube.com https://www.youtube.com; img-src *.performanceplustire.com cdn.performanceplustire.com data: https://*.cloudfront.net https://aa.agkn.com https://adadvisor.net https://ads.betweendigital.com https://ads.yahoo.com https://assets.resultspage.com https://b.sli-spark.com https://bat.bing.com https://beacon.krxd.net http://cf.kampyle.com https://cm.g.doubleclick.net https://cw.addthis.com https://d.agkn.com https://d38nbbai6u794i.cloudfront.net https://dmp.truoptik.com https://dpm.demdex.net https://dsum-sec.casalemedia.com https://dyn.yelpcdn.com http://farm4.static.flickr.com https://i.ytimg.com https://ib.adnxs.com https://iconfigurators.com https://images.iconfigurators.com https://insight.adsrvr.org https://match.adsrvr.org https://match.sharethrough.com https://nsg.symantec.com https://odr.mookie1.com https://p.adsymptotic.com https://pixel.advertising.com https://pixel.personagraph.com https://pixel.rubiconproject.com https://pixel.tapad.com https://s.thebrighttag.com https://s.w.org http://s3.amazonaws.com https://s3.amazonaws.com https://secure.gravatar.com https://simage2.pubmatic.com https://sp.adbrn.com https://stats.g.doubleclick.net https://su.addthis.com https://sync.adap.tv https://sync.adaptv.advertising.com https://test.kampyle.com https://upload.wikimedia.org https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.iconfigurators.com https://www.insureship.com https://x.bidswitch.net; script-src 'unsafe-eval' 'unsafe-inline' *.performanceplustire.com https://ajax.googleapis.com https://api-cf.affirm.com https://assets.pinterest.com https://assets.resultspage.com https://b.sli-spark.com https://bat.bing.com https://cdn.callrail.com https://cdn.performanceplustire.com https://cdn1.affirm.com https://connect.facebook.net https://d1q7pknmpq2wkm.cloudfront.net https://d38nbbai6u794i.cloudfront.net https://dyn.yelpcdn.com https://e1.fanplayr.com https://js.callrail.com https://log.pinterest.com https://maps.googleapis.com https://my.fanplayr.com https://nsg.symantec.com https://performanceplustire.resultspage.com https://s.btstatic.com https://s.thebrighttag.com https://savingsslider-a.akamaihd.net https://script.crazyegg.com https://w1.fanplayr.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.iconfigurators.com https://www.insureship.com https://www.yelp.com https://yelp.com; style-src 'unsafe-inline' *.performanceplustire.com https://ajax.googleapis.com https://assets.resultspage.com https://cdn1.affirm.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://performanceplustire.resultspage.com https://www.iconfigurators.com 1
default-src * blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=141-3220679-6625751:rid=50T5Y4Z6NTGC90S913YT:sn=www.audible.com 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://uvbshvgaro0wreus1xk28aaq.httpschecker.net/report 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://5b0dfxfhuka0vuk5ju0see3i.httpschecker.net/report 1
script-src an.yandex.ru 'nonce-y8cYVDctPCLQ6UO3qkqVhw==' mc.yandex.ru yandex.ru yastatic.net awaps.yandex.ru;report-uri https://csp.yandex.net/csp?project=morda&from=morda.intercept404.ru&showid=1601032301.98149.95285.126813&h=stable-morda-any-man-yp-9&csp=new&date=20200925&yandexuid=3986299741601032301;img-src avatars.mds.yandex.net 'self' data: awaps.yandex.net an.yandex.ru *.verify.yandex.ru mc.yandex.ru favicon.yandex.net yandex.ru mc.admetrica.ru yastatic.net;child-src yastatic.net mc.yandex.md mc.yandex.ru yandexadexchange.net st.yandexadexchange.net;connect-src yandex.ru mc.admetrica.ru mc.yandex.ru an.yandex.ru;default-src 'none';style-src 'unsafe-inline' yastatic.net 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epix.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.epix.com/ https://api.mixpanel.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://www.gstatic.com/ https://connect.facebook.net/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://src.litix.io/ https://cdnjs.cloudflare.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://*.krxd.net/ https://*.doubleclick.net/ https://www.redditstatic.com/ https://alb.reddit.com/ ; connect-src https://*.epix.com/ https://api.mixpanel.com/ https://sentry.io/ https://*.akamaihd.net/ https://www.facebook.com/ https://1pecbqtlcsq1ilmoio8v0jt7q.litix.io/ https://in.hotjar.com/ https://vc.hotjar.io/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ ; img-src 'self' https://*.epix.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.ae/ https://www.google.com.ar/ https://www.google.com.co/ https://www.google.ro/ https://sync.search.spotxchange.com/ https://pixel.rubiconproject.com/ https://us-u.openx.net/ https://simage2.pubmatic.com/ https://dpm.demdex.net/ https://t.co/ https://www.facebook.com/ https://rtd-tm.everesttech.net https://dsum-sec.casalemedia.com https://sync-tm.everesttech.net/ https://cm.g.doubleclick.net/ ib.adnxs.com https://jslog.krxd.net/ https://beacon.krxd.net https://www.redditstatic.com/ https://alb.reddit.com/ ; style-src 'self' 'unsafe-inline' ; frame-src 'self' https://vars.hotjar.com/ https://*.doubleclick.net/ https://*.krxd.net/ ; media-src blob: https://epixwebapp-vh.akamaihd.net/ ; worker-src blob: ; report-uri https://sentry.io/api/170149/security/?sentry_key=94662fb71ba340bd91fb23bbfb099024&sentry_environment=prod 1
font-src 'self' data: *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.fontawesome.com *.authorize.com *.facebook.net *.facebook.com *.driftt.com *.bootstrapcdn.com *.hubspot.com *.authorize.net *.mailchimp.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.iglobalstores.com *.authorize.net *.spreedly.com *.driftt.com *.hubspot.com *.getbread.com *.hotjar.com www.paypal.com paypal.com *.braintree-api.com *.braintreegateway.com *.addthis.com *.youtube.com www.youtube.com *.online-metrix.net *.signifyd.com *.demdex.net *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com *.google.com *.googleapis.com *.googletagmanager.com *.google.com.ua 'self' data: *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.ytimg.com *.s3.amazonaws.com *.amazonaws.com *.driftt.com *.klaviyo.com *.g.doubleclick.net *.hubspot.com *.authorize.net *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.signifyd.com *.e.aa.online-metrix.net *.bbb.org *.facebook.net *.facebook.com *.hotjar.com *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.secure.force.com *.mailchimp.com cm.everesttech.net *.demdex.net amcglobal.sc.omtrdc.net *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; script-src *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.google.com *.googleapis.com *.googletagmanager.com *.google.com.ua *.gstatic.com *.cloudflare.com *.jsdelivr.net *.trustedshops.com *.usercentrics.eu *.adroll.com d.adroll.mgr.consensu.org *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.spreedly.com *.zonos.com *.yotpo.com *.braintreegateway.com *.bootstrapcdn.com *.driftt.com *.newrelic.com bam.nr-data.net *.nr-data.net *.zopim.com *.facebook.net *.facebook.com *.zdassets.com *.klaviyo.com *.zendesk.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com fast.a.klaviyo.com *.hubspot.com wss://widget-mediator.zopim.com *.cookielaw.org *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.onetrust.com www.paypal.com paypal.com *.signifyd.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.braintree-api.com chimpstatic.com *.mailchimp.com mc.us18.list-manage.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.gstatic.com *.magentocommerce.com *.zonos.com *.yotpo.com *.fontawesome.com *.klaviyo.com *.bootstrapcdn.com *.driftt.com *.authorize.net display.ugc.bazaarvoice.com *.signifyd.com *.facebook.net *.facebook.com *.mailchimp.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com www.google-analytics.com www.googleadservices.com *.gstatic.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.authorize.net *.zonos.com *.yotpo.com *.cloudflare.com *.jsdelivr.net *.trustedshops.com *.usercentrics.eu *.adroll.com d.adroll.mgr.consensu.org *.facebook.net *.facebook.com *.driftt.com *.newrelic.com bam.nr-data.net *.nr-data.net *.zopim.com *.zdassets.com *.klaviyo.com *.zendesk.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com fast.a.klaviyo.com *.hubspot.com wss://widget-mediator.zopim.com *.cookielaw.org *.bazaarvoice.org *.bazaarvoice.com display.ugc.bazaarvoice.com *.getbread.com *.onetrust.com www.paypal.com paypal.com *.signifyd.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.addthis.com *.collect.igodigital.com *.salesforceliveagent.com *.moatads.com *.addthisedge.com *.la1-c2-iad.salesforceliveagent.com *.la1-c2-ord.salesforceliveagent.com *.braintree-api.com *.braintreegateway.com chimpstatic.com *.mailchimp.com *.demdex.net *.tinymce.com *.tiny.cloud 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' *.anglingdirect.co.uk anglingdirect.co.uk cdncache-a.akamaihd.net translate.googleapis.com www.google.com www.gstatic.com expressentry.melissadata.net s.ytimg.com www.youtube.com register.feefo.com api.feefo.com pcls1.craftyclicks.co.uk translate.google.com translate.googleapis.com maps.googleapis.com ffljdddodmkedhkcjhpmdajhjdbkogke tpc.googlesyndication.com *.mention-me.com js.stripe.com static-eu.payments-amazon.com js-agent.newrelic.com scripts.sirv.com bam.eu01.nr-data.net www.googletagmanager.com googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net assets.zendesk.com static.zdassets.com platform.twitter.com www.googleadservices.com *.cloudmaestro.com widget-mediator.zopim.com feed.mikle.com; report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=v2%2Fpartners&source%5Buuid%5D=2dd2f9e2daaf8a63e2a5673de14b359d 1
object-src 'none'; block-all-mixed-content; default-src 'self'; img-src 'self' data: https://biblionix.com/ https://demonstration.biblionix.com https://secure.gravatar.com/; style-src 'self' 'unsafe-inline' https://demonstration.biblionix.com https://www.gstatic.com/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://demonstration.biblionix.com https://www.gstatic.com/ https://cdn.walkme.com/; font-src 'self' https://fonts.gstatic.com/ data:; report-uri https://www.biblionix.com/report/?block=0 1
default-src 'self'; form-action 'none'; frame-ancestors 'none'; script-src https://code.jquery.com/jquery-3.5.1.min.js?ver=3.5.1; style-src https://code.jquery.com/jquery-3.5.1.min.js?ver=3.5.1; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bpoint.com.au/webapi/v2/txns/processiframetxn/ https://www.bpoint.com.au; frame-src 'self' 'unsafe-inline' https://www.bpoint.com.au/ https://www.youtube.com/ https://player.vimeo.com/ https://www.facebook.com/; img-src 'self' https://www.google-analytics.com/ https://6178240.global.siteimproveanalytics.io https://stats.g.doubleclick.net/r/collect; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://siteimproveanalytics.com/js/siteanalyze_6178240.js  https://cdnjs.cloudflare.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' ; report-uri https://www.nhvr.gov.au/report-uri/reportOnly 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: *.callbackhunter.com;  1
default-src 'self' carjam.co.nz *.carjam.co.nz; connect-src 'self' carjam.co.nz *.carjam.co.nz www.google-analytics.com stats.g.doubleclick.net www.facebook.com; font-src 'self' carjam.co.nz *.carjam.co.nz data: d1oe1cut6yqpb4.cloudfront.net fonts.gstatic.com; frame-src 'self' carjam.co.nz *.carjam.co.nz staticxx.facebook.com www.facebook.com connect.facebook.net web.facebook.com www.youtube.com www.googletagmanager.com; img-src *; media-src 'self' carjam.co.nz *.carjam.co.nz www.youtube.com; object-src 'self' carjam.co.nz *.carjam.co.nz; script-src 'self' 'unsafe-inline' https: 'nonce-599c55b7e6' 'strict-dynamic'; style-src 'self' carjam.co.nz *.carjam.co.nz d1oe1cut6yqpb4.cloudfront.net staticxx.facebook.com www.youtube.com 'unsafe-inline'; report-uri https://www.nzpro.com/csp-prod.php; 1
report-uri https://cchome.adobe.io/csp/v1/collect?api_key=CCHomeWeb1; connect-src * data:; img-src * data: blob: about:; frame-src *; media-src *; default-src https: blob:; style-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.adobeccstatic.com *.adobe.com *.clicktale.com about: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.adobelogin.com *.newrelic.com *.nr-data.net *.adobeccstatic.com *.typekit.com *.adobe.com adobe.com *.uservoice.com *.typekit.net *.evidon.com *.demandbase.com *.ccmui.adobe.com *.clicktale.net *.clicktale.com *.everestjs.net *.everesttech.net tags.srv.stackadapt.com *.onetrust.com *.cookielaw.org *.vimeo.com *.youtube.com *.ytimg.com about: blob:; font-src data: *.typekit.net; frame-ancestors 'self' *.instructure.com *.blackboard.com 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor default-src 'self' 'unsafe-inline' www.shelterlogic.com stage.shelterlogic.com *.cloudmaestro.com h.online-metrix.net bat.bing.com ajax.googleapis.com api.hubapi.com cdn.cookielaw.org bid.g.doubleclick.net connect.facebook.net d.adroll.com s.adroll.com fonts.googleapis.com fonts.gstatic.com forms.hsforms.com geolocation.onetrust.com js-hs.analytics.com js.hsadspixel.net js.hsforms.net js.hscollectedforms.net seal-ct.bbb.org secure.quantserve.com track.hubspot.com www.facebook.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' widget.trustpilot.com twitter.com cdn.checkout.com *.gstatic.com googleads.g.doubleclick.net *.twitter.com cdn.mouseflow.com  js-agent.newrelic.com   *.googleapis.com  *.nr-data.net *.googleadservices.com *.ads-twitter.com intl-tel-input.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.freshchat.com *.freshmarketer.com *.cloudflare.com *.google.com;style-src 'self' 'unsafe-inline' cdn.checkout.com *.googleapis.com *.cloudflare.com *.freshchat.com;img-src 'self' data: stats.g.doubleclick.net *.gstatic.com cx.atdmt.com www.google-analytics.com *.google.co.uk *.google.nl *.google.ro *.google.dk *.google.it *.google.co.id *.google.co.in *.google.com.br *.google.com.gh *.google.com.ph *.google.qa *.google.tr *.google.dz *.google.gr *.google.je *.google.pl *.google.sn  *.google.se *.google.ie *.google.cz *.google.fr *.google.es *.google.de cdn.acemoneytransfer.com *.google.com.pk *.google.com.ng *.google.be *.google.fi *.google.com.mt *.google.com.bd *.google.com.cy *.google.ca *.google.no *.google.ci *.google.bj *.google.ae *.google.at *.google.pt *.google.com.au *.trustly.com t.co *.facebook.com *.checkout.com ace-promotions.s3-eu-west-1.amazonaws.com *.google.iq customer-id-documents.s3.eu-west-2.amazonaws.com *.google-analytics.com *.googletagmanager.com *.google.com; font-src 'self' *.cloudflare.com cdn.checkout.com *.googleapis.com *.gstatic.com; form-action 'self' *.creditmutuel.fr *.wlp-acs.com gw1.judopay.com pay.judopay-sandbox.com secure.ogone.com;frame-src 'self'  *.wirecard.com *.freshchat.com *.checkout.com widget.trustpilot.com *.facebook.com *.youtube.com bid.g.doubleclick.net *.google.com *.googletagmanager.com; connect-src 'self' stats.g.doubleclick.net *.google-analytics.com *.mouseflow.com; report-uri https://ace4news.com/dev/csp-reporting.php 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src 'self' wss:; report-uri /ping/ 1
default-src * blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=141-8735750-1221200:rid=H3EY6ZJ9KE8VG2QSHDJS:sn=www.audible.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://blogscanada.ca/z-log.php 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 1
default-src 'self'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.akamaihd.net https://*.dynamicyield.com https://*.googletagmanager.com https://*.feedbackify.com https://*.fullstory.com https://*.google-analytics.com https://*.limelight.com https://*.delvenetworks.com https://*.lpsnmedia.net https://*.liveperson.net https://*.bazaarvoice.com https://*.amazonaws.com data:; connect-src 'self' https://*.googleapis.com https://*.akamaihd.net https://*.dynamicyield.com https://*.googletagmanager.com https://*.feedbackify.com https://*.fullstory.com https://*.google-analytics.com https://*.limelight.com https://*.delvenetworks.com data:; font-src 'self' data:; img-src * data:; object-src 'none' ; frame-ancestors 'self' https://*.lpsnmedia.net https://*.liveperson.net https://*.vimeo.com ; child-src 'self' https://*.lpsnmedia.net https://*.liveperson.net https://*.vimeo.com ; frame-src 'self' https://*.lpsnmedia.net https://*.liveperson.net https://*.vimeo.com ; report-uri https://snapav.report-uri.com/r/d/csp/reportOnly; 1
object-src 'none';base-uri 'self';script-src 'nonce-oOXlTgU0m38Ur8bIYsKK' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
default-src 'self';   script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://customer.cludo.com https://ds-aksb-a.akamaihd.net https://help.cybonline.co.uk https://googleservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://fusiontables.google.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://cse.google.com https://www.advanced-web-analytics.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com https://t.contentsquare.net https://contentsquare.com https://webapp.woosmap.com;   style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://platform.twitter.com https://casper.tsbc.com https://healthcheck252.tsbc.com;   img-src 'self' https: ;   font-src 'self' https: ;   connect-src 'self' https://clydesdalebank.tt.omtrdc.net https://clydesdalebank.d3.sc.omtrdc.net https://dpm.demdex.net https://ds-aksb-a.akamaihd.net https://api-eu1.cludo.com https://api.cludo.com https://www.google.com https://www.facebook.com https://www.twitter.com https://www.linkedin.com https://www.youtube.com https://my.cybservices.co.uk https://adservice.google.com https://casper.tsbc.com https://*.contentsquare.net https://api.woosmap.com https://webapp-conf.woosmap.com;   media-src 'self';   object-src 'self';   worker-src 'self' blob:;   child-src 'self' blob:;  frame-src 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk https://clydesdalebankplc.demdex.net https://*.fls.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://assets.adobedtm.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube-nocookie.com https://healthcheck252.tsbc.com;   frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk;   report-uri https://cyburi.report-uri.com/r/t/csp/reportOnly; 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data: https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.maxxim.de https://umfrage.maxxim.de https://pts.maxxim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://cts.communicationads.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://*.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.maxxim.de https://stats.maxxim.de https://imagepool.maxxim.de https://pts.maxxim.de; script-src 'strict-dynamic' 'nonce-141c3cbf74b30d736d4f6b154df21d1c' 'nonce-5c166ddc633bb646fe71d90dcd3832f2' 'nonce-93a686f6c879e1b2d145e9e856af94c9' 'nonce-0cf8f4caa4673338a9f36294cce53160' 'nonce-b3667ae096c3ab668237350d290a5025' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://connect.facebook.net https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de https://*.demdex.net https://pts.maxxim.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com https://*.demdex.net; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-141c3cbf74b30d736d4f6b154df21d1c' 'nonce-5c166ddc633bb646fe71d90dcd3832f2' 'nonce-93a686f6c879e1b2d145e9e856af94c9' 'nonce-0cf8f4caa4673338a9f36294cce53160' 'nonce-b3667ae096c3ab668237350d290a5025' 'self' https: 'report-sample' 1
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playcrucible.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d24yopoqm7oqlq.cloudfront.net; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playcrucible.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d24yopoqm7oqlq.cloudfront.net 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playcrucible.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d24yopoqm7oqlq.cloudfront.net 'unsafe-inline'; img-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playcrucible.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d24yopoqm7oqlq.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data:  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playcrucible.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d24yopoqm7oqlq.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com; frame-src https://www.youtube.com https://*.twimg.com https://player.twitch.tv/  https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playcrucible.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://d24yopoqm7oqlq.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=141-5079738-1604138:rid=02473B8614684A799AFA:sn=www.playcrucible.com 1
default-src 'self' 'unsafe-inline' go.miteksystems.com *.miteksystems.com *.googleusercontent.com *.google.com *.cloudfunctions.net *.facebook.com pi.pardot.com licdn.com *.licdn.com pardot.com cdn.pdst.fm google.com www.googletagmanager.com googletagmanager.com *.googleadservices.com js.adsrvr.org *.facebook.net www.google-analytics.com tag.demandbase.com youtu.be doubleclick.net *.doubleclick.net youtube.com *.youtube.com *.adsrvr.org *.linkedin.com *.adsymptotic.com *.company-target.com *.bidr.io; frame-src 'self' *.youtube.com *.doubleclick.net *.adsrvr.org *.facebook.com; frame-ancestors 'self'; report-uri https://www.miteksystems.com/report-uri/reportOnly 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob: file:; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com; font-src https: data: blob: file:; connect-src 'self' https:; report-uri https://csp-report.force.com/_/ContentDomainCSPNoAuth?type=appserver 1
font-src *.gstatic.com *.googleapis.com *.yotpo.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.mercadolibre.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.yotpo.com *.google.com *.google.com.ar *.facebook.com *.doubleclick.net *.sparta.cl newbalance.cl 'self' data: *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.fanplayr.com *.facebook.net *.yotpo.com *.newrelic.com *.nr-data.net *.doubleclick.net *.magentosite.cloud *.mlstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.sparta.cl *.newbalance.cl *.yotpo.com *.fonts.net *.magentosite.cloud 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.yotpo.com *.nr-data.net *.mercadopago.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src * https://*.tiles.mapbox.com https://api.mapbox.com; default-src blob:; font-src * data:; frame-src * data:; img-src * data: blob:; object-src data:; report-uri /vizql/csp-report; script-src * blob:; style-src * 'unsafe-inline' 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' www.onlinescoutmanager.co.uk; font-src 'self' data: fonts.gstatic.com; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com *.braintreegateway.com www.paypalobjects.com c.paypal.com *.cardinalcommerce.com js.stripe.com checkout.stripe.com browser.sentry-cdn.com 'unsafe-eval'; connect-src 'self' www.onlinescoutmanager.co.uk vod-progressive.akamaized.net *.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com api.stripe.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com checkout.stripe.com sentry.io sockets.onlinescoutmanager.com:3000 wss://sockets.onlinescoutmanager.com:3000; img-src 'self' data: oym-public.s3.eu-west-2.amazonaws.com *.openstreetmap.org i.vimeocdn.com assets.braintreegateway.com checkout.paypal.com *.stripe.com; form-action 'self' *.cardinalcommerce.com; base-uri 'self'; manifest-src 'self' www.onlinescoutmanager.co.uk; child-src 'self' assets.braintreegateway.com c.paypal.com; media-src 'self' player.vimeo.com vod-progressive.akamaized.net; frame-src 'self' www.google.com player.vimeo.com assets.braintreegateway.com c.paypal.com *.cardinalcommerce.com js.stripe.com hooks.stripe.com checkout.stripe.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' www.google.com www.gstatic.com *.braintreegateway.com www.paypalobjects.com c.paypal.com *.cardinalcommerce.com js.stripe.com checkout.stripe.com browser.sentry-cdn.com; report-uri /webhooks/csp/; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://events.fairchildlive.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1
child-src * http: https: 'unsafe-inline' 'unsafe-eval';; connect-src * data: blob: 'unsafe-inline';; default-src * data: blob: 'unsafe-inline' 'unsafe-eval';; font-src * data: blob: 'unsafe-inline';; frame-src * data: blob: ;; img-src * data: blob: 'unsafe-inline';; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';; style-src * data: blob: 'unsafe-inline';; report-uri /_/csp-reports 1
default-src 'self' https:;     script-src 'self' https://www.lexalytics.com https://www.google.com https://*.google.ca https://*.google.co.uk https://*.google.com.ua https://*.google.co.in https://*.google.fr https://*.google.com.au https://*.google.ae https://*.google.cn https://*.google.de https://*.google.es https://*.google.it https://*.google.co.jp https://*.google.com.mx https://*.google.ru https://*.google.com.tr https://www.google-analytics.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://tag.manager.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://vimeo.com https://*.cookiebot.com https://*.hotjar.com https://script.hotjar.com https://code.jquery.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://h8i8e3t9.stackpathcdn.com http://*.pardot.com https://pi.pardot.com https://static.ads-twitter.com https://snap.licdn.com https://a.quora.com https://*.twitter.com https://statuspage-production.s3.amazonaws.com https://*.googlesyndication.com 'unsafe-inline' 'unsafe-eval';     style-src 'unsafe-inline' 'self' https:;     img-src 'self' https: data: http://t.co;     font-src 'self' https: data:;     connect-src wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://*.statuspage.io https://*.g.doubleclick.net https://yoast.com https://my.yoast.com https://h8i8e3t9.stackpathcdn.com https://*.googlesyndication.com 'self';     frame-src https://*.cookiebot.com https://consentcdn.cookiebot.com https://vars.hotjar.com https://*.g.doubleclick.net https://bid.g.doubleclick.net https://success.lexalytics.com https://www.youtube.com https://*.vimeo.com https://*.twitter.com https://syndication.twitter.com 'self';     report-uri https://www.lexalytics.com/csprc;     report-to https://www.lexalytics.com/csprc 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.sentry.io *.sentry-cdn.com *.fontawesome.com *.cloudflare.com *.gstatic.com fonts.gstatic.com *.sf14g.com formalyzer.com  tracking.leadlander.com *.googleapis.com rules.quantcount.com code.jquery.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.doubleclick.net *.quantserve.com gng.netmng.com *.rfihub.com *.google.com *.google-analytics.com *.googletagmanager.com 1
default-src 'self' https: 'unsafe-inline'; img-src https: data:; font-src 'self' https: data:; connect-src 'self' https: wss://*.hotjar.com; object-src 'none'; report-uri https://www.smithsonian.com/_csp_report 1
frame-ancestors 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action https://www.facebook.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-src http://fast.amc.demdex.net https://www.youtube.com https://www.facebook.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; connect-src https://dpm.demdex.net http://dpm.demdex.net https://www.paypal.com https://eu1-search.doofinder.com https://shops-si.trustedshops.com https://api.trustedshops.com https://trustbadge.api.etrusted.com https://stats.g.doubleclick.net https://www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src data: http://cm.everesttech.net http://amcglobal.sc.omtrdc.net https://asistentecosmeticatest1.herokuapp.com https://www.google.com https://www.facebook.com https://www.google.es widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; font-src http://widgets.trustedshops.com http://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://asistentecosmeticatest1.herokuapp.com 'self' 'unsafe-inline'; style-src http://fonts.googleapis.com http://maxcdn.bootstrapcdn.com https://asistentecosmeticatest1.herokuapp.com getfirebug.com 'self' 'unsafe-inline'; script-src http://widgets.trustedshops.com http://www.gstatic.com http://www.google.com https://www.googletagmanager.com https://www.dwin1.com https://eu1-search.doofinder.com https://cdn.doofinder.com https://asistentecosmeticatest1.herokuapp.com https://cdnjs.cloudflare.com/ https://connect.facebook.net https://googleads.g.doubleclick.net assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' *.donately.com;child-src blob:;connect-src 'self' data: wss://nexus-websocket-a.intercom.io api.donately.com api.hubapi.com *.px-cloud.net  *.intercom.io *.segment.io stats.g.doubleclick.net googleads.g.doubleclick.net www.facebook.com www.google-analytics.com *.dca0.com heatmap-events-collector.instapage.com *.px-cdn.net *.pxchk.net www.google.com api.segment.io *.ucweb.com; font-src 'self' data: fonts.gstatic.com js.intercomcdn.com; form-action www.facebook.com;frame-src www.facebook.com www.google.com bid.g.doubleclick.net *.dca0.com;img-src * data:;manifest-src 'self';worker-src blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com cdn.heapanalytics.com cdn.trackjs.com connect.facebook.net dev.visualwebsiteoptimizer.com js.hs-scripts.com tracking.g2crowd.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com js.intercomcdn.com *.adroll.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hs-analytics.net d.adroll.mgr.consensu.org googleads.g.doubleclick.net widget.intercom.io *.dca0.com cdn.segment.com *.ucweb.com;script-src-elem 'self' data: 'unsafe-inline' ajax.googleapis.com cdn.donately.com cdn.heapanalytics.com cdn.trackjs.com connect.facebook.net d.adroll.com d.adroll.mgr.consensu.org dev.visualwebsiteoptimizer.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.intercomcdn.com s.adroll.com tracking.g2crowd.com widget.intercom.io www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com *.segment.com g.fastcdn.co *.dca0.com tcp.googlesyndication.com;style-src-attr 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.segment.com;style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com; report-uri https://donately.report-uri.com/r/d/csp/reportOnly 1
script-src 'nonce-opSPlF1JBCIlMXERWR9tRQ' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com gitcdn.github.io www.google-analytics.com kit.fontawesome.com; style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com gitcdn.github.io cdnjs.cloudflare.com kit-free.fontawesome.com; img-src 'self' data: www.google-analytics.com code.jquery.com ffbeequip.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com kit-free.fontawesome.com; connect-src 'self' www.google-analytics.com firebasestorage.googleapis.com https://api.github.com https://discordapp.com https://api.imgur.com/3/image; media-src 'none'; object-src 'none'; child-src 'self'; worker-src 'self'; frame-src 'self'; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://ffbeequip.report-uri.com/r/d/csp/reportOnly 1
report-uri /csp-report-endpoint.php 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.mouseflow.com *.google-analytics.com *.chargebee.com; frame-src 'self' *.chargebee.com; object-src 'self'; report-uri /scripts/csp-report.php; 1
child-src 'self'; connect-src 'self' http://*.google-analytics.com https://*.amplitude.com https://*.facebook.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.intercom.io https://*.intercomcdn.com https://*.nr-data.net https://*.pusher.com https://*.stream-io-api.com wss://*.intercom.io wss://*.pusher.com wss://*.pusher.com:443 wss://*.stream-io-api.com; default-src 'self'; font-src 'self' https://*.cloudflare.com https://*.fontawesome.com https://*.gstatic.com https://*.intercomcdn.com; frame-src 'self' https://*.facebook.com https://*.g.doubleclick.net https://*.google.com https://*.hotjar.com https://*.snapchat.com https://*.youtube.com https://slimfaq.com; img-src 'self' http://*.google-analytics.com http://t.co https://*.facebook.com https://*.fbsbx.com https://*.fprg2-1.fna.fbcdn.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.ca https://*.google.ch https://*.google.co.jp https://*.google.co.uk https://*.google.com https://*.google.com.gh https://*.google.com.gi https://*.google.com.uy https://*.google.cz https://*.google.ie https://*.google.it https://*.google.nl https://*.googletagmanager.com https://*.gstatic.com https://*.intercomassets.com https://*.intercomcdn.com https://*.nr-data.net https://*.paypalobjects.com https://*.playerslounge.co https://*.slimfaq.com https://t.co; manifest-src 'self'; media-src 'self' https://*.intercomcdn.com; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.ads-twitter.com http://*.facebook.net http://*.google-analytics.com http://*.googleadservices.com https://*.ads-twitter.com https://*.amplitude.com https://*.berbix.com https://*.cloudflare.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.intercom.io https://*.intercomcdn.com https://*.newrelic.com https://*.nr-data.net https://*.pusher.com https://*.ravepay.co https://*.slimfaq.com https://*.tiktok.com https://*.twitter.com https://sc-static.net wss://*.intercom.io wss://*.pusher.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.cloudflare.com https://*.fontawesome.com https://*.googleapis.com https://*.slimfaq.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_24bafb4d41412e492b326a58c4bdb066 1
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ch ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.ch *.spreadshirt.ch ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.ch ; font-src 'self' https: data: *.spreadshirt.ch ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ch ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ch ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.my&source%5Bsection%5D=brochure&source%5Buuid%5D=a497bb90a91451910ef69cc6678f752e 1
default-src 'self' *.pstatp.com *.bytecdn.cn 'unsafe-inline' blob: data: cdn.bootcss.com i.snssdk.com mcs.snssdk.com m.toutiao.com;script-src 'self' *.pstatp.com *.bytecdn.cn 'unsafe-inline' 'unsafe-eval' blob: data: cdn.bootcss.com i.snssdk.com mcs.snssdk.com m.toutiao.com;frame-src hotsoon.snssdk.com www.huoshan.com;img-src * data:;media-src *;report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=huoshan_web 1
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' web-in21.mxradon.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com snap.licdn.com connect.facebook.net cdnjs.cloudflare.com js.zohostatic.com salesiq.zoho.com maxcdn.bootstrapcdn.com googleads.g.doubleclick.net px.ads.linkedin.com api.tiles.mapbox.com; style-src 'self' 'unsafe-inline' css.zohostatic.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' data: blob: img.zohostatic.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.google.com www.google.co.in; font-src 'self' fonts.gstatic.com fonts.googleapis.com; connect-src 'self' api.locus.sh wss://vts.zohopublic.com api.mapbox.com *.tiles.mapbox.com; media-src 'self' ; frame-src salesiq.zohopublic.com; worker-src 'self' blob: ; report-uri https://locus.report-uri.com/r/d/csp/reportonly; 1
base-uri 'self'; default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https://*.irl.com https://fonts.googleapis.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://*.irl.com; connect-src 'self' https://*.irl.com https://*.ingest.sentry.io https://vimeo.com; font-src https://fonts.gstatic.com; form-action mailto:; frame-src https://cal.irl.com https://accounts.google.com https://player.vimeo.com; object-src 'none'; report-uri https://o352720.ingest.sentry.io/api/1551799/security/?sentry_key=8fd426ee7b954309bf45ae6ccbb1dab4&sentry_environment=production 1
report-uri https://www.tv5unis.ca/csp-report;default-src 'self' *.googlesyndication.com ;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.scorecardresearch.com *.google-analytics.com *.gstatic.com *.m32.media cdn.ampproject.org sc-static.net static.hotjar.com ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.facebook.com *.google.ca *.google.com *.googleusercontent.com *.google-analytics.com *.googlesyndication.com *.scorecardresearch.com bcp.crwdcntrl.net platform-lookaside.fbsbx.com https://image-proxy.tv5unis.ca securepubads.g.doubleclick.net ;media-src 'self' blob: ;frame-src 'self' *.firebaseapp.com/ *.googlesyndication.com ff.doubleclick.net imasdk.googleapis.com vars.hotjar.com tr.snapchat.com ;font-src 'self' data: ;connect-src 'self' *.adnxs.com *.amazon-adsystem.com *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.google-analytics.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.llnw.net *.m32.media *.scorecardresearch.com bcp.crwdcntrl.net cdn.ampproject.org cdn.jsdelivr.net licensing.bitmovin.com platform-lookaside.fbsbx.com sc-static.net sentry.io static.hotjar.com us-central1-m32-infrastructure.cloudfunctions.net vendorlist.consensu.org https://api.tv5unis.ca https://image-proxy.tv5unis.ca ;worker-src 'self' blob: ;form-action 'self' ; 1
script-src 'nonce-h9D82MZSY98j1S6o8Oxpsw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/www_google; base-uri 'none' 1
block-all-mixed-content; report-uri https://www.matrony.ru/https-mixed-content-logger/csp_report_log.php; 1
report-uri https://www.yelp.com/csp_report_only?id=12f895d031af8a09&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601014955; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.youtube.com *.siteimprove.com *.googleapis.com *.gstatic.com *.google-analytics.com https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.googleapis.com *.gstatic.com *.google-analytics.com https://www.googletagmanager.com https://www.youtube.com *.siteimprove.com *.ytimg.com *.hubbardone.com;object-src 'self'; img-src 'self' *.google-analytics.com https://www.googletagmanager.com *.siteimprove.com;font-src 'self' *.gstatic.com; connect-src 'self';frame-ancestors 'self' *.googleapis.com *.gstatic.com *.google-analytics.com https://www.googletagmanager.com; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/reportOnly 1
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net  pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net  *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbfweb.report-uri.com/r/d/csp/reportOnly 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.addthis.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com *.fbcdn.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net js.stripe.com m.stripe.com x.klarnacdn.net klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
; report-uri 1
default-src 'none'; script-src 'self' 'unsafe-inline' assets.chargeover.com *; connect-src 'self'  api.segment.io  collect.albacross.com  *.doubleclick.net  api.chatlio.com  api-cdn.chatlio.com  wss://ws.pusherapp.com  *.pusher.com  *.pingdom.net  geoip-js.com ; media-src w.chatlio.com; object-src 'self'; worker-src 'none'; img-src 'self'  data:  *.chargeover.com  assets.chargeover.com  ssl.gstatic.com  www.gstatic.com  www.google-analytics.com  *.doubleclick.net  googleads.g.doubleclick.net  www.facebook.com  www.google.com  collect.albacross.com  *.ads.linkedin.com  p.adsymptotic.com  www.linkedin.com  www.googletagmanager.com  www.google.co.uk  www.google.com.au  w.chatlio.com  secure.gravatar.com  cdn.jsdelivr.net avatars.slack-edge.com  assets-mktg-chargeover.global.ssl.fastly.net ; style-src 'self' 'unsafe-inline' assets.chargeover.com fonts.googleapis.com w.chatlio.com tagmanager.google.com assets-mktg-chargeover.global.ssl.fastly.net; font-src 'self' data: *.chargeover.com fonts.gstatic.com w.chatlio.com assets-mktg-chargeover.global.ssl.fastly.net; frame-src player.vimeo.com bid.g.doubleclick.net; frame-ancestors 'none'; form-action 'self'; report-uri https://app.chargeover.com/contentsecuritypolicy 1
frame-ancestors 'self'; report-uri https://csp-receiver.booking.com/csp_violation?type=report&tag=112&pid=4ebd28efcb4c009b&e=UmFuZG9tSVYkc2RlIyh9YYYdGuViorKPYSFDGcL1enbArOcO5e06cDHrl0R1nEfn&f=2&s=0; 1
default-src 'self' *.localphone.com *.localphone.co.uk https://*.tawk.to wss://*.tawk.to; img-src * data: ; child-src *; frame-src *; script-src 'self' 'unsafe-inline' *.localphone.com https://*.google.com https://ajax.googleapis.com http://www.google-analytics.com https://*.gstatic.com https://*.g.doubleclick.net https://www.googleadservices.com https://www.facebook.com https://*.tawk.to https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.localphone.com https://*.googleapis.com https://cdn.jsdelivr.net; font-src 'self' data: fonts.gstatic.com https://*.tawk.to https://sxt.cdn.skype.com; connect-src 'self' *.localphone.com https://*.tawk.to wss://*.tawk.to; report-uri https://localphone.report-uri.io/r/default/csp/reportOnly 1
default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=metroh&d=2020-09-25 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com www.heartlandamerica.com *.appspot.com widget.trustpilot.com static.criteo.net www.googletagmanager.com www.youtube.com *.listrakbi.com connect.facebook.net static.doubleclick.net www.googletagmanager.com *.akamaized.net widget.us.criteo.com www.google-analytics.com bat.bing.com *.googleapis.com www.paypalobjects.com www.paypal.com seal.networksolutions.com www.google.com www.gstatic.com *.criteo.com *.instantsearchplus.com *.googleadservices.com *.yimg.com *.emjcd.com *.pepperjamnetwork.com *.analytics.yahoo.com 1
default-src 'self' 'unsafe-inline' data: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.googleapis.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com connect.facebook.net graph.facebook.com *.youtube.com *.ytimg.com player.vimeo.com content.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com scotland.shinyapps.io; worker-src 'self'; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net script.hotjar.com js-agent.newrelic.com www.googletagmanager.com static.addtoany.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.googleapis.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob:; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: 250-ndu-845.mktoresp.com 250-ndu-845.mktoutil.com script.hotjar.com bam.nr-data.net www.google-analytics.com vc.hotjar.io in.hotjar.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vars.hotjar.com player.vimeo.com 9431564.fls.doubleclick.net; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com bam.nr-data.net ; form-action 'none' data: blob: ; report-uri /csp_report 1
block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.egeszsegkalauz.hu::PROD_21_6_7_AWS 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com; font-src 'self' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com; img-src 'self' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com https://googleadservices.com cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://gstatic.com https://www.gstatic.com https://translate.google.com https://storage.googleapis.com https://translate.googleapis.com https://www.snapengage.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://www.recaptcha.net https://www.google-analytics.com https://www.aakashhealthcare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; report-uri https://aakashhealthcare.com/report-uri/reportOnly 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.dentalkart.com dentalkart.com fusion.ameyoemerge.in:8887 www.googletagmanager.com analytics.notifyvisitors.com www.googleadservices.com www.google-analytics.com *.hotjar.com connect.facebook.net *.google.com ssl.gstatic.com checkout.razorpay.com *.cloudmaestro.com googleads.g.doubleclick.net www.gstatic.com www.notifyvisitors.com cdnp.notifyvisitors.com cdn.notifyvisitors.com s3.amazonaws.com push.notifyvisitors.com 1
default-src 'self' https:; child-src 'self' vimeo.com player.vimeo.com boards.greenhouse.io www.google.com; connect-src wss://* 'self' *.intercom.io *.intercomcdn.com s3.amazonaws.com js.leadin.com js.hs-scripts.com forms.hubspot.com; font-src data: *; frame-src 'self' boards.greenhouse.io; img-src data: 'unsafe-inline' *; object-src 'none'; script-src 'unsafe-inline' *; style-src 'unsafe-inline' *; upgrade-insecure-requests; report-uri https://cobalt.report-uri.io/r/default/csp/enforce 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data: https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://umfrage.smartmobil.de https://pts.smartmobil.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://cts.communicationads.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://*.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.smartmobil.de https://stats.smartmobil.de https://imagepool.smartmobil.de https://pts.smartmobil.de https://seal.globalsign.com https://ssif1.globalsign.com; script-src 'strict-dynamic' 'nonce-d5b766bcdb7f8213237989206653e532' 'nonce-838906c44f4a5b530ee479029e0dda5d' 'nonce-924da5c81bbcb1c797a8a8a6513a1f96' 'nonce-0d9d04f5700aa0a1e390affbce436d2f' 'nonce-f0f3cfbdec25b5eec242a4f58c8b726a' 'nonce-31717e45ae5dc088b76731a2a9bc7132' 'nonce-ba634124268111000a6873a34e2220c9' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://connect.facebook.net https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de https://*.demdex.net https://pts.smartmobil.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com https://*.demdex.net; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-d5b766bcdb7f8213237989206653e532' 'nonce-838906c44f4a5b530ee479029e0dda5d' 'nonce-924da5c81bbcb1c797a8a8a6513a1f96' 'nonce-0d9d04f5700aa0a1e390affbce436d2f' 'nonce-f0f3cfbdec25b5eec242a4f58c8b726a' 'nonce-31717e45ae5dc088b76731a2a9bc7132' 'nonce-ba634124268111000a6873a34e2220c9' 'self' https: 'report-sample' 1
default-src 'self'; base-uri 'none'; connect-src 'self' https://translate.googleapis.com https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://translate.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com; object-src 'none'; script-src 'self' 'nonce-ESPFvrH1t+6hKqRUqsjMRg==' 'unsafe-inline' https://translate.googleapis.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com; report-to default; report-uri https://mariusschulz.report-uri.com/r/d/csp/reportOnly 1
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com js.pusher.com d14jnfavjicsbe.cloudfront.net a.opmnstr.com a.quora.com ajax.googleapis.com www.googleoptimize.com amplify.outbrain.com analytics.twitter.com a.omappapi.com sdk.loyaltylion.net *.loyaltylion.net assets.voyagetext.com js.recurly.com b1img.com bat.bing.com cdk.shopmsg.me cdn.fuelx.com cdn.jsdelivr.net cdn.pbbl.co cdn.shopmsg.me cdn.taboola.com cdn1.affirm.com cdnjs.cloudflare.com connect.facebook.net  d.adroll.com *.cloudfront.net e.fomo.com edge.fullstory.com geocode.usefomo.com googleads.g.doubleclick.net js.b1js.com load.fomo.com loader.wisepops.com platform.shopmsg.me rules.quantcount.com s.adroll.com s.pinimg.com sc-static.net secure.quantserve.com secure.trust-provider.com static.ads-twitter.com static.zdassets.com staticw2.yotpo.com tags.b1js.com trc.taboola.com use.fontawesome.com use.typekit.net v2.zopim.com www.dojomojo.com www.facebook.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com www.dojomojo.ninja assets.zendesk.com alb.reddit.com cm.g.doubleclick.net spotter.fuel451.com www.lensabl.com www.lensable.com lensable.com lensabl.com fullstory.com js.stripe.com static-na.payments-amazon.com maps.googleapis.com getdrip.com cdn.lensabl.com *.getdrip.com *.klaviyo.com cdn.equalweb.com fast.a.klaviyo.com s3.amazonaws.com www.trustedsite.com js-agent.newrelic.com shop.pe bam.nr-data.net addshoppers.s3.amazonaws.com shopper.shop.pe static.fittingbox.com widget-mediator.zopim.com d.adroll.mgr.consensu.org s.dca0.com sn.dca0.com lore.deduce.com api.dealspotr.com cdn.wove.com code.jquery.com s3-us-west-2.amazonaws.com 1
default-src 'none'; img-src 'self' data: https://q.quora.com https://www.google.com/ads https://www.google.co.uk/ads https://static.localcoinswap.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://insights.hotjar.com https://static.hotjar.com; font-src 'self' data: https://static.localcoinswap.com https://fonts.gstatic.com https://static.hotjar.com; media-src 'self' https://static.localcoinswap.com; script-src 'self' https://localcoinswap.com https://static.localcoinswap.com https://maps.googleapis.com https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com https://cdn.onesignal.com https://onesignal.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://static.localcoinswap.com https://fonts.googleapis.com https://tagmanager.google.com; connect-src 'self' https://vc.hotjar.io https://api.ipify.org wss://localcoinswap.com https://sentry.localcoinswap.com https://www.facebook.com/tr/ https://maps.google.com https://www.google-analytics.com https://*.hotjar.com:* wss://*.hotjar.com; object-src 'none'; frame-src 'self' https://www.google.com https://vars.hotjar.com https://onesignal.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; manifest-src 'self' https://static.localcoinswap.com; report-uri https://localcoinswap.com/report-csp-violation/ 1
script-src 'nonce-RowcK1f5z-tkpudCot77pw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster; base-uri 'none' 1
default-src 'self' https: wss: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=iregiony&d=2020-09-25 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' maps.googleapis.com *.siteimprove.com; style-src 'self' 'unsafe-inline' *.readspeaker.com; frame-src *.youtube.com; report-uri /report-csp-violation 1
frame-ancestors 'self'; report-uri /csp/report/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' polyfill.io widget.bugyard.io *.twitter.com *.bamboohr.com *.ampproject.org *.cloudflare.com agorbatchev.typepad.com  *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net *.googletagmanager.com *.marketo.com *.marketo.net munchkin.marketo.net *.drift.com *.driftt.com *.swiftypecdn.com *.addtoany.com *.googleadservices.com *.doubleclick.net *.disqus.com *.disquscdn.com; frame-src 'self' *.youtube.com disqus.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.driftt.com *.addtoany.com *.marketo.com *.marketo.net *.doubleclick.net *.twitter.com www.youtube-nocookie.com ; object-src 'self'; report-uri https://gridgain.report-uri.com/r/d/csp/reportOnly 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://static.afterpay.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.addthis.com https://www.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com *.fbcdn.net maps.gstatic.com *.ggpht yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com https://www.google.com https://maps.googleapis.com https://cdnjs.cloudflare.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net https://www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.klevu.com *.klarna.com *.playground.kl *.klarnaevt.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.beerhawk.co.uk *.twitter.com *.facebook.com *.klarna.com *.playground.klarna.com *.klarnaevt.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.antavo.com *.bh-test.antavo.com *.st2.antavo.com *.apt.io r.atp.io *.beerhawk.co.uk *.braintreegateway.com *.gstatic.com *.klarna.com *.playground.klarna.com *.klarnaevt.com *.twitter.com *.youtube.com *.hotjar.com *.facebook.com wchat.eu.freshchat.com *.eu.webpush.freshchat.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.antavo.com *.bh-test.antavo.com data: *.beerhawk.co.uk beerbods.co.uk *.googleadservices.com *.google-analytics.com *.google.co.uk *.postcodeanywhere.co.uk *.paypal.com *.tinifycdn.com *.nosto.com *.klevu.com *.klarna.com *.klarnaevt.com *.playground.klarna.com *.cookielaw.org *.everesttech.net amcglobal.sc.omtrdc.net px.ads.linkedin.com *.bing.com *.zenaps.com *.awin1.com *.googletagmanager.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.antavo.com *.klarna.com *.playground.klarna.com *.klarnaevt.com *.bh-test.antavo.com *.st2.antavo.com *.bing.com *.cardinalcommerce.com *.cloudflare.com *.cloudflareinsights.com *.cookielaw.org *.dwin1.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.hotjar.com *.klevu.com *.licdn.com *.newrelic.com *.nr-data.net *.paypal.com *.pcapredict.com *.ratebeer.com *.trackedlink.net *.trackedweb.net *.twitter.com *.vimeocdn.com *.braintreegateway.com *.postcodeanywhere.co.uk *.measured.com *.nosto.com wchat.eu.freshchat.com *.lr-ingest.io r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.antavo.com *.bh-test.antavo.com *.st2.antavo.com *.cloudflare.com *.cookielaw.org *.klevu.com *.klarna.com *.klarnaevt.com *.playground.klarna.com *.postcodeanywhere.co.uk wchat.eu.freshchat.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.antavo.com *.bh-test.antavo.com *.st2.antavo.com *.cloudflare.com beerbods.co.uk https://dpm.demdex.net *.facebook.com *.facebook.net *.dwin1.com *.cardinalcommerce.com *.braintree-api.com *.braintreegateway.com *.bing.com *.klevu.com *.ksearchnet.com *.newrelic.com *.nr-data.net *.postcodeanywhere.co.uk *.trackedlink.net *.trackedweb.net *.klarna.com *.playground.klarna.com *.klarnaevt.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io *.nosto.com *.lr-ingest.io r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src https://dpm.demdex.net https://amcglobal.sc.omtrdc.net *.klarna.com *.playground.klarna.com *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' data: cdnjs.cloudflare.com api-maps.yandex.ru *.yandex.ru *.semantiqo.com ulclick.ru ulogin.ru vk.com *.facebook.net *.ok.ru *.google-analytics.com *.googleapis.com mc.yandex.ru yandex.st yastatic.net 'nonce-OfGnMHDMgGfGfRUAGtO1lkBtJ2I='; style-src 'self' 'unsafe-inline' vk.com *.facebook.net *.googleapis.com yandex.st; object-src 'self'; img-src 'self' data: api-maps.yandex.ru *.yandex.ru *.caltat.com *.semantiqo.com ulogin.ru vk.com mc.yandex.ru *.yandex.net yandex.st *.google-analytics.com *.cdninstagram.com counter.yadro.ru; media-src 'self'; frame-src 'self' *.semantiqo.com *.aliexpress.com s.click.aliexpress.com ulogin.ru www.youtube.com *.facebook.com vk.com *.ok.ru yastatic.net; font-src 'self' *.gstatic.com data:; connect-src 'self' *.semantiqo.com ulogin.ru *.google-analytics.com *.googleapis.com *.gstatic.com mc.yandex.ru data:; 1
default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com.au ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.com.au *.spreadshirt.com.au ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.spreadshirt.com.au ; font-src 'self' https: data: *.spreadshirt.com.au ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com.au ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com.au ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
font-src https://cdn.fontcdn.ir https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com https://mc.yandex.ru http://cdn.dnky.co https://webchat.dotdigital.com https://app.raychat.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://cdn.fontcdn.ir https://cdn.jsdelivr.net https://fonts.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://app.raychat.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://mc.yandex.ru https://cdn.fontcdn.ir/* https://app.raychat.io https://webchat.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: ; report-uri https://csp.rcahms.gov.uk/bfa-live; 1
default-src https:; img-src 'self'; require-sri-for script style 1
default-src 'self' syndication.twitter.com; script-src js.suedtirolerland.it 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; img-src 'self' data: images2.suedtirolerland.it css.suedtirolerland.it www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.suedtirolerland.it js.suedtirolerland.it; font-src css.suedtirolerland.it; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
font-src *.gstatic.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com data: *.hotjar.com *.google.com *.gstatic.com *.doubleclick.net *.facebook.com *.brand-display.com *.sitescout.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.magentocommerce.com *.facebook.com *.doubleclick.net *.google.com data: *.brand-display.com *.sitescout.com *.googletagmanager.com *.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.bluecore.com *.facebook.net *.googleapis.net *.googleapis.com *.hotjar.com *.googletagmanager.com *.doubleclick.net *.newrelic.com *.nr-data.net *.google.com *.gstatic.com *.brand-display.com *.cloudflare.com *.sitescout.com up.pixel.ad *.xg4ken.com *.usersnap.com data: 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.bluecore.com *.googleapis.com *.hotjar.com *.hotjar.io *.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://scooterscoffee.com/; report-to report-endpoint; 1
script-src 'self' 'unsafe-inline' https://www.dnc.org.nz 'unsafe-eval' https://www.dnc.org.nz; object-src 'self'; 1
default-src 'self'; child-src 'self' blob:; connect-src 'self' https://api.mapbox.com https://events.mapbox.com https://platform.twitter.com https://*.sentry.io https://cdn.sanity.io https://fj76bufg96.execute-api.us-west-2.amazonaws.com https://8qidifgfmb.execute-api.us-west-2.amazonaws.com; frame-src https://js.stripe.com https://platform.twitter.com; img-src 'self' blob: data: https://cdn.sanity.io; script-src 'self' 'unsafe-inline' https://js.stripe.com/v3 https://platform.twitter.com; style-src 'unsafe-inline'; worker-src 'self' blob:; report-uri https://o70939.ingest.sentry.io/api/5260448/security/?sentry_key=f5298ee3a6ed4ee88455e11eacf73297&sentry_environment=production 1
default-src 'none'; connect-src 'self' bat.bing.com www.etracker.de; font-src 'self' data: fonts.gstatic.com; frame-src consentcdn.cookiebot.com mobiloil-wpn.eportrait.de www.kununu.com www.terminland.de www.youtube-nocookie.com; img-src 'self' blob: data: bkk-mobil-oil.de www.bkk-mobil-oil.de analytics.bkk-mobil-oil.de bat.bing.com googleads.g.doubleclick.net www.google.com www.gstatic.com img.youtube.com i.ytimg.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.bkk-mobil-oil.de www.arztauskunftservice3.de bat.bing.com consent.cookiebot.com consentcdn.cookiebot.com code.etracker.com static.etracker.com www.etracker.com www.etracker.de bkk-mobil-oil.novomind.com ecdn.novomind.com www.google.com www.googleadservices.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' www.etracker.de; report-uri https://www2.bkk-mobil-oil.de/report/; report-to csp-endpoint 1
script-src https://us.sttropeztan.com https://m.us.sttropeztan.com 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://cdn.trackjs.com https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://pay.google.com https://cdn.appdynamics.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://us.sttropeztan.com/cspReport.txt; 1
script-src 'nonce-DPTwXsgZREuB_tB7wAwySA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com secure.livechatinc.com webchannel-content.eservice.emarsys.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com imgfly.scarabresearch.com bat.bing.com api.feefo.com register.feefo.com www.facebook.com stats.g.doubleclick.net www.google.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://cdn.lr-ingest.io cdn.livechatinc.com js-agent.newrelic.com bam.nr-data.net salon11120.pcapredict.com connect.facebook.net rum-static.pingdom.net cdn-sitegainer.com d191y0yd6d0jy4.cloudfront.net bat.bing.com cdn.scarabresearch.com static.scarabresearch.com www.google.com www.gstatic.com cdn.polyfill.io register.feefo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com recommender.scarabresearch.com recommender-eu.scarabresearch.com webchannel-content.eservice.emarsys.net rum-collector-2.pingdom.net api.feefo.com collect.feefo.com https://r.lr-ingest.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; 1
media-src 'none'; img-src 'none'; object-src 'none'; worker-src 'none'; script-src 'none'; manifest-src 'none'; style-src 'none'; font-src 'none'; child-src https://us.browser.tcell.insight.rapid7.com/; frame-src https://us.browser.tcell.insight.rapid7.com/; connect-src https://portal.equityadvisorsolutions.com https://athena.equityadvisorsolutions.com https://us.agent.tcell.insight.rapid7.com http://www.myequity.com https://myequity.com http://myequity.com https://us.browser.tcell.insight.rapid7.com/ https://equitynews.trustetc.com; report-uri https://us.browser.tcell.insight.rapid7.com/csp/7ef290d62d2278344d513a767c47ef56f455fe6e7a9faac8e7b7d2c0426326bd?rid=381678237 1
report-uri /csp/report 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.com.co&source%5Bsection%5D=brochure&source%5Buuid%5D=c20d8820b7fd0b3b44c644332e62c649 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  *.cloudmaestro.com *.exair.com *.addthis.com *.moatads.com connect.facebook.net www.googletagmanager.com ajax.googleapis.com bat.bing.com www.google-analytics.com static.ads-twitter.com snap.licdn.com v1.addthisedge.com analytics.twitter.com www.gstatic.com *.google.com 1
font-src *.stackpathdns.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bigboyshobbies.net *.tawk.to *.youtube.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.twitter.com *.google.com *.youtube.com *.addthis.com *.tawk.to *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.stackpathdns.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.bigboyshobbies.net *.clicky.com *.google.com *.tawk.to *.getclicky.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.stackpathdns.com *.bigboyshobbies.net *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.googleadservices.com *.paypal.com *.tawk.to *.getclicky.com *.clicky.com *.payments-amazon.com *.jsdelivr.net *.addthis.com *.moatads.com *.doubleclick.net *.addthisedge.com *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.stackpathdns.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.bigboyshobbies.net *.clicky.com *.payments-amazon.com *.jsdelivr.net *.tawk.to *.getclicky.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.stackpathdns.com *.twitter.com *.paypal.com *.twimg.com *.bigboyshobbies.net *.amazon.com *.clicky.com *.getclicky.com *.google-analytics.com *.doubleclick.net *.tawk.to 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://bigboyshobbies.net; report-to report-endpoint; 1
font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.icons8.com *.fontawesome.com *.hotjar.com *.zopim.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com *.zopim.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com platform.twitter.com *.twitter.com *.zopim.com *.trustpilot.com *.consensu.org *.hotjar.com *.sharethis.com *.google.com *.https://app.clickup.com/t/6gkgpw 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.doubleclick.net *.google.com *.google.co.in *.zopim.com *.zopim.io *.sharethis.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com connect.facebook.net twitter.com platform.twitter.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.trustpilot.com *.sharethis.com *.hotjar.com chimpstatic.com *.zopim.com *.zdassets.com *.doubleclick.net *.google.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.icons8.com *.bootstrapcdn.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.hotjar.com *.hotjar.io *.zopim.com *.sharethis.com *.zdassets.com *.trustpilot.com *.sagepay.co.uk *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'report-sample' 'self' https://apis.google.com/js/plusone.js https://assets.pinterest.com/js/pinit.js https://connect.facebook.net/en_US/fbevents.js https://platform.twitter.com/widgets.js https://seal.thawte.com/getthawteseal https://ssl.google-analytics.com/ga.js https://translate.google.com/translate_a/element.js https://translate.googleapis.com/translate_static/js/element/main.js; style-src 'report-sample' 'self' https://translate.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self' https://accounts.google.com https://apis.google.com https://my.sendinblue.com https://platform.twitter.com https://www.facebook.com https://www.youtube.com; img-src 'self' https://i.ytimg.com https://log.pinterest.com https://ssl.google-analytics.com https://syndication.twitter.com https://www.facebook.com https://www.gstatic.com; manifest-src 'self'; media-src 'self'; report-uri https://5f466512b641482c3e7cf8aa.endpoint.csper.io/; worker-src 'none'; 1
default-src 'self' 2l9u8tyqi4-flywheel.netdna-ssl.com; script-src 'self' 'unsafe-inline' 2l9u8tyqi4-flywheel.netdna-ssl.com google-analytics.com www.google-analytics.com google.com www.google.com www.gstatic.com gstatic.com static.addtoany.com *.wistia.net *.wistia.com; style-src 'self' 'unsafe-inline' 2l9u8tyqi4-flywheel.netdna-ssl.com fonts.googleapis.com; img-src 'self' data: 2l9u8tyqi4-flywheel.netdna-ssl.com stats.g.doubleclick.net google-analytics.com www.google-analytics.com embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; font-src 'self' data: 2l9u8tyqi4-flywheel.netdna-ssl.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' pipedream.wistia.com fg8vvsvnieiv3ej16jby.litix.io distillery.wistia.com; media-src * 'self' https://www.essvote.com; frame-src 'self' www.google.com google.com fast.wistia.net; 1
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data:  http://www.rovid.nl; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ data:; report-uri /report-csp-violation 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';report-uri https://agrian.com/global/csp_report/ 1
font-src *.cloudfront.net 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.doubleclick.net *.nr-data.net *.amphenolrf.com *.typekit.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.affirm.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.cloudfront.net *.youtube.com *.olark.com *.google.com *.google-analytics.com *.affirm.com *.doubleclick.net *.newrelic.com *.nr-data.net *.amphenolrf.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.cloudfront.net 'self' data: *.symantec.com *.bootstrapcdn.com *.olark.com *.gstatic.com *.googleapis.com *.doubleclick.net *.newrelic.com *.nr-data.net *.amphenolrf.com *.typekit.net 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net www.youtube.com *.google.com *.google-analytics.com *.olark.com static.olark.com *.symantec.com *.mouseflow.com chimpstatic.com *.affirm.com *.gstatic.com *.googleapis.com *.cloudfront.net *.doubleclick.net *.newrelic.com *.nr-data.net *.amphenolrf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudfront.net *.cloudflare.com *.olark.com *.bootstrapcdn.com *.googleapis.com *.doubleclick.net *.newrelic.com *.nr-data.net *.amphenolrf.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudfront.net *.google-analytics.com *.olark.com *.affirm.com *.groupbycloud.com *.doubleclick.net *.newrelic.com *.nr-data.net *.amphenolrf.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /iwd_csp/report/log; report-to report-endpoint; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 1
default-src 'self' *.doubleclick.net *.synthetix.com https://stats.g.doubleclick.net; media-src 'self' *.synthetix.com; frame-ancestors 'self' *.doubleclick.net *.hotjar.com *.youtube.com https://widget.trustpilot.com https://www.google.com https://www.facebook.com; frame-src 'self' *.doubleclick.net *.hotjar.com *.youtube.com *.pardot.com https://widget.trustpilot.com https://www.google.com https://www.facebook.com https://www.opinionstage.com https://www.googletagmanager.com https://connect.facebook.net https://embed.ex.co; font-src 'self' *.synthetix.com *.gstatic.com https://cloud.typography.com https://hello.myfonts.net https://benendenglobalassets.blob.core.windows.net https://maxcdn.bootstrapcdn.com https://use.typekit.net https://script.hotjar.com https://cdnjs.cloudflare.com data:; connect-src 'self' *.synthetix.com *.hotjar.com *.google-analytics.com *.doubleclick.net *.playbuzz.com https://www.facebook.com https://vc.hotjar.io https://nexus.ensighten.com https://a.tiles.mapbox.com https://api.postcodes.io https://www.opinionstage.com https://stats.g.doubleclick.net https://www.google.com wss://*.hotjar.com https://api.mapbox.com; style-src 'self' *.googleapis.com *.synthetix.com https://hello.myfonts.net https://cloud.typography.com https://benendenglobalassets.blob.core.windows.net https://benenden.syn-finity.com https://maxcdn.bootstrapcdn.com https://api.mapbox.com https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-elem 'self' *.googleapis.com *.synthetix.com *.pardot.com *.mapbox.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cloud.typography.com https://benendenglobalassets.blob.core.windows.net https://hello.myfonts.net https://benenden.syn-finity.com 'unsafe-inline'; img-src 'self' *.google-analytics.com *.doubleclick.net *.visualwebsiteoptimizer.com *.gstatic.com *.googleapis.com *.facebook.net *.linkedin.com *.synthetix.com *.googletagmanager.com *.hotjar.com *.playbuzz.com *.benenden.co.uk https://nexus.ensighten.com https://secure.adnxs.com https://www.google.co.uk https://www.google.com https://t.co https://www.facebook.com https://benendenhubblobprod.blob.core.windows.net https://b.tiles.mapbox.com https://a.tiles.mapbox.com https://api.mapbox.com https://p.typekit.net https://i.ytimg.com https://www.google-analytics.com https://cm.g.doubleclick.net https://stats.g.doubleclick.net https://ssl.google-analytics.com https://amplifypixel.outbrain.com https://bppmdmxgsg.execute-api.eu-west-1.amazonaws.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data:; script-src 'self' *.googleapis.com *.google-analytics.com *.pardot.com *.visualwebsiteoptimizer.com *.synthetix.com *.doubleclick.net *.responsetap.com *.hotjar.com *.googletagmanager.com *.twitter.com *.playbuzz.com https://pixel.mathtag.com https://vc.hotjar.io https://sjs.bizographics.com https://nexus.ensighten.com https://connect.facebook.net https://secure.frog9alea.com https://static.ads-twitter.com https://www.google.com https://benenden.syn-finity.com https://t.co https://www.facebook.com https://www.google.co.uk https://live-chat-help.com https://www.googleadservices.com https://widget.trustpilot.com https://forbusiness.benenden.co.uk https://api.mapbox.com https://api.postcodes.io https://a.tiles.mapbox.com https://maxcdn.bootstrapcdn.com https://connect.facebook.net https://www.youtube.com https://s.po.st https://s.ytimg.com https://use.typekit.net https://snap.licdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.opinionstage.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.playbuzz.com *.hotjar.com *.twitter.com *.googleapis.com *.synthetix.com *.responsetap.com *.pardot.com *.youtube.com *.mapbox.com *.doubleclick.net https://dev.visualwebsiteoptimizer.com https://nexus.ensighten.com https://ssl.google-analytics.com https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.synthetix.com https://www.google-analytics.com https://connect.facebook.net https://secure.frog9alea.com https://static.ads-twitter.com https://www.googleadservices.com https://benenden.syn-finity.com https://googleads.g.doubleclick.net https://forbusiness.benenden.co.uk https://c5.adalyser.com https://www.opinionstage.com https://s.po.st https://s.ytimg.com https://use.typekit.net https://maxcdn.bootstrapcdn.com https://use.typekit.net https://ad.doubleclick.net https://www.pagespeed-mod.com 'unsafe-inline' data:; report-uri https://benwebteam.report-uri.com/r/d/csp/enforce 1
default-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com wlresults.westlotto.com ergebnisse.westlotto.com www.youtube.com error.westlotto.de www.paypal.com www.paypalobjects.com data: blob: ; script-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com tags.tiqcdn.com t23.intelliad.de js.braintreegateway.com bs.serving-sys.com secure-ds.serving-sys.com www.paypalobjects.com c.paypal.com www.paypal.com connect.facebook.net maps.googleapis.com data1.open-dog.com www.google-analytics.com s3.amazonaws.com www.googletagmanager.com www.pagespeed-mod.com westlotto.loyjoy.com visitor-service-eu-central-1.tealiumiq.com 'unsafe-inline' 'unsafe-eval' data: blob: ; script-src-elem 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com tags.tiqcdn.com t23.intelliad.de visitor-service-eu-central-1.tealiumiq.com js.braintreegateway.com maps.googleapis.com www.paypalobjects.com c.paypal.com www.paypal.com bs.serving-sys.com secure-ds.serving-sys.com connect.facebook.net www.google-analytics.com www.pagespeed-mod.com data1.bresera.com westlotto.loyjoy.com 'unsafe-inline' 'unsafe-eval' data: ; style-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com fonts.googleapis.com translate.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src-elem 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com fonts.googleapis.com adblockers.opera-mini.net 'unsafe-inline' 'unsafe-eval' data: ; connect-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com client-analytics.braintreegateway.com api.braintreegateway.com api.braintreegateway.com payments.braintree-api.com www.paypal.com steganos-api.ciuvo.com www.facebook.com collect-eu-central-1.tealiumiq.com app-westlotto.loyjoy.com wss://www.westlotto.de 'unsafe-inline' 'unsafe-eval'; font-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com www.eurojackpot.de eurojackpot.de www.eurojackpot.com eurojackpot.com fonts.gstatic.com use.typekit.net data: ; img-src 'self' www.westlotto.de westlotto.de www.westlotto.com westlotto.com csi.gstatic.com maps.gstatic.com www.gstatic.com maps.googleapis.com www.google-analytics.com westlotto01.webtrekk.net app-westlotto.loyjoy.com westlotto.loyjoy.com fbc.wcfbc.net lh3.ggpht.com www.facebook.com www.awin1.com c.paypal.com t.paypal.com *.stats.paypal.com c6.paypal.com translate.google.com stats.g.doubleclick.net cx.atdmt.com www.paypal.com www.paypalobjects.com collect-eu-central-1.tealiumiq.com data: blob: ; child-src 'self' www.westlotto.de westlotto.de ergebnisse.westlotto.com www.youtube.com www.sparkassen-internetkasse.de ciuvo.com westlotto.perbit-job.de partners.webmasterplan.com; frame-src 'self' www.westlotto.de westlotto.de ergebnisse.westlotto.com www.youtube.com www.sparkassen-internetkasse.de ciuvo.com westlotto.perbit-job.de westlotto-job.perbit-job.de partners.webmasterplan.com c.paypal.com www.paypal.com data: ; block-all-mixed-content; base-uri 'self'; report-uri https://1934a11189c9ec9d302de0ee10e4c650.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.at ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.at *.spreadshirt.at ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.at ; font-src 'self' https: data: *.spreadshirt.at ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.at ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.at ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://tagmanager.google.com https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.ytimg.com https://www.youtube.com https://*.criteo.com https://*.criteo.net https://*.taboola.com https://*.doubleclick.net https://www.googleadservices.com https://*.hotjar.com https://www.dwin1.com https://*.licdn.com https://*.bing.com https://www.googletagmanager.com https://www.google-analytics.com https://*.msecnd.net https://connect.facebook.net https://*.outbrain.com https://secure.quantserve.com https://rules.quantcount.com https://rum-static.pingdom.net https://*.ads-twitter.com https://ad4m.at https://analytics.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://*.google.sk https://*.linkedin.com https://*.emjcd.com https://sjs.bizographics.com https://az416426.vo.msecnd.net https://*.googleadservices.com https://*.trustpilot.com https://*.googlesyndication.com https://*.leadforensics.com https://*.doubleclick.net https://*.eset.co.uk https://*.bing.com https://*.en25.com https://s.ytimg.com https://cdn1.esetstatic.com https://assets.esetstatic.com https://*.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com https://*.facebook.net https://www.youtube.com https://*.googleapis.com; img-src 'self' 'unsafe-inline' data: https://t.co https://*.taboola.com https://pixel.quantserve.com https://ad4m.at https://*.outbrain.com https://www.google.de https://*.adform.net https://esetassets.blob.core.windows.net https://secure.adnxs.com https://fapi.eset.cz https://snap.licdn.com https://*.google.sk https://*.dotomi.com https://*.emjcd.com https://*.linkedin.com https://*.google.com https://*.ytimg.com https://*.doubleclick.net https://*.bing.com https://*.eset.com https://*.esetstatic.com https://www.google-analytics.com https://*.gstatic.com https://*.facebook.com https://dpm.demdex.net *.eloqua.com https://cm.everesttech.net https://www.googletagmanager.com https://maps.googleapis.com; frame-src https://ad.ad-srv.net/ https://quiz.tryinteract.com https://ad4m.at https://pixel.bsmartdata.com https://*.eset.com https://*.wirewax.com https://*.facebook.com https://*.trustpilot.com https://*.googlesyndication.com https://*.googleapis.com https://*.facebook.net https://*.doubleclick.net https://www.google.com https://www.youtube.com https://int.form.eset.com https://*.hotjar.com https://eset.demdex.net https://www.opinionstage.com; font-src 'self' https://*.hotjar.com https://cdn1.esetstatic.com https://fonts.gstatic.com; connect-src 'self' https://*.doubleclick.net https://*.bing.com https://*.taboola.com https://*.linkedin.vom https://dc.services.visualstudio.com https://*.google.com https://*.eset.com https://*.esetstatic.com https://*.facebook.com https://cookieconsent.eset.com https://api.eset.com https://*.demdex.net https://*.omtrdc.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.pingdom.net https://*.google-analytics.com; media-src 'self' https://*.esetstatic.com; report-uri https://eset.report-uri.com/r/d/csp/wizard; report-to default 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.bootstrapcdn.com *.tradedoubler.com 'self' 'unsafe-inline'; form-action *.twitter.com *.trustpilot.com *.clerk.io *.paypal.com *.braintreegateway.com *.cardinalcommerce.com *.tradedoubler.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.twitter.com *.trustpilot.com *.clerk.io *.cardinalcommerce.com *.authorize.net *.paypal.com *.braintreegateway.com *.kaptcha.com *.craftyclicks.co.uk *.youtube.com *.google.com *.tradedoubler.com 'self' 'unsafe-inline'; img-src *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.vimeocdn.com 'self' data: *.trustpilot.com *.clerk.io *.doubleclick.net *.storyblok.com *.ytimg.com *.gstatic.com *.tradedoubler.com *.tumblr.com *.sooqr.com 'self' 'unsafe-inline'; script-src *.cloudflare.com *.twitter.com *.google-analytics.com *.gstatic.com *.fontawesome.com *.trustpilot.com *.clerk.io *.signifyd.com *.authorize.net *.cardinalcommerce.com *.braintreegateway.com *.paypal.com *.braintree-api.com *.sandbox.braintree-api.com *.kaptcha.com *.craftyclicks.co.uk chimpstatic.com *.sooqr.com *.mailchimp.com *.list-manage.com *.google.com *.tradedoubler.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.fontawesome.com *.trustpilot.com *.clerk.io *.bootstrapcdn.com *.sooqr.com *.mailchimp.com *.tradedoubler.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.cloudflare.com *.twitter.com *.paypal.com *.trustpilot.com *.clerk.io *.braintreegateway.com *.braintree-api.com *.sandbox.braintree-api.com *.kaptcha.com *.amazonaws.com *.google-analytics.com *.doubleclick.net *.tradedoubler.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://thegamecollection.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
font-src https://fonts.gstatic.com https://fonts.googleapis.com https://staticw2.yotpo.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https://www.gstatic.com https://bat.bing.com https://ct.pinterest.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.de https://p.yotpo.com https://cdn-yotpo-images-production.yotpo.com https://staticw2.yotpo.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; script-src js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com https://bat.bing.com https://ct.pinterest.com https://s.pinimg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.de https://staticw2.yotpo.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://apis.google.com www.googletagmanager.com www.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://www.gstatic.com https://fonts.googleapis.com https://staticw2.yotpo.com https://www.youtube.com 'self' 'unsafe-inline'; object-src ; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://bat.bing.com https://ct.pinterest.com https://s.pinimg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.de https://fonts.gstatic.com https://staticw2.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.mariatash.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.facebook.net *.googletagmanager.com *.payments-amazon.com www.gstatic.com *.klaviyo.com *.gladly.com *.newrelic.com *.audioeye.com *.nr-data.net *.cloudfront.net *.youtube.com s.ytimg.com api.smooch.io *.gladly.qa ipinfo.io *.searchspring.net *.searchspring.com *.zdassets.com code.jquery.com ajax.aspnetcdn.com searchanise-ef84.kxcdn.com *.zopim.io *.zopim.org *.zopim.com *.hotjar.com www.searchanise.com *.amazon.com *.config.smooch.io *.google.com *.hotjar.io *.pinterest.com *.sinter-collect.com *.twitter.com player.vimeo.com snisecdn-feh571kz.stackpathdns.com *.facebook.com *.cloudmaestro.com *.signifyd.com www.googleadservices.com 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.kr&source%5Bsection%5D=brochure&source%5Buuid%5D=8b7d991adb3ce54b6ddcffc14bc776c6 1
font-src * 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com * 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com * maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com * maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com * 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com * 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 'self'; report-uri https://b665164c4fb2875cf6d57e97c5ceb8d2.report-uri.com/r/d/csp/reportOnly 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://consent.cookiebot.com/uc.js https://consent.cookiebot.com/97d3b191-ad18-48f5-80ae-d62b3aea1449/cc.js https://consentcdn.cookiebot.com/consentconfig/97d3b191-ad18-48f5-80ae-d62b3aea1449/state.js https://consent.cookiebot.com/b5074936-b18e-4414-88f2-8de62ed0b7c9/cc.js https://consentcdn.cookiebot.com/consentconfig/b5074936-b18e-4414-88f2-8de62ed0b7c9/state.js https://consent.cookiebot.com/6354fd3d-924e-434a-955c-43d3db73e62d/cc.js https://consentcdn.cookiebot.com/consentconfig/6354fd3d-924e-434a-955c-43d3db73e62d/state.js http://w.usabilla.com/8f9054bf779b.js http://w.usabilla.com/cbf59fb24a0a.js http://w.usabilla.com/6feb7f1df1ac.js http://w.usabilla.com/99158a893ac6.js https://chat.vanlanschot.nl http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://sjs.bizographics.com https://bat.bing.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.linkedin.com/px https://px.ads.linkedin.com https://www.googleadservices.com https://maps.googleapis.com https://deploy.mopinion.com/js/pastease.js https://collect.mopinion.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://chat.vanlanschot.nl;img-src 'self' https://www.google-analytics.com https://insights.hotjar.com https://static.hotjar.com http://static.hotjar.com https://www.google.com/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://stats.g.doubleclick.net https://pixel.mathtag.com/event/ https://cx.atdmt.com https://www.facebook.com/tr https://bat.bing.com https://pixel.rubiconproject.com https://beleggingsinformatie.vanlanschot.nl https://*.cloudfront.net data: https://www.google.com https://www.google.nl https://www.google.be https://www.google.ch https://login.vanlanschot.com https://acc-login.vanlanschot.com;frame-src 'self' https://chat.vanlanschot.nl https://player.vimeo.com https://vars.hotjar.com https://www.google.com https://*.fls.doubleclick.net/ https://bid.g.doubleclick.net/' https://consentcdn.cookiebot.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com https://static.hotjar.com http://static.hotjar.com;connect-src 'self' https://chat.vanlanschot.nl http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://deploy.mopinion.com https://cacheorcheck.mopinion.com/survey/public/emoji;child-src 'self' https://vars.hotjar.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/api2 1
default-src 'self' ; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-eval' http://mc.yandex.ru/ https://mc.yandex.ru/ http://pagead2.googlesyndication.com/ https://pagead2.googlesyndication.com/ http://c.hit.ua http://counter.yadro.ru/ https://googleads.g.doubleclick.net/ http://vk.com https://apis.google.com https://accounts.google.com; img-src 'self' data: http://counter.yadro.ru/ http://c.hit.ua/ http://mc.yandex.ru http://vk.com/ ; connect-src https://mc.yandex.ru/ ; frame-src https://googleads.g.doubleclick.net https://apis.google.com http://vk.com https://accounts.google.com/ 1
default-src * 'unsafe-inline' data: blob: ;frame-ancestors 'self'; report-uri https://16f5f5ea60e86cd63289a2976fd4845c.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com; font-src 'self' fonts.gstatic.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com maps.googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com 'unsafe-inline' 'sha256-bT1Ymq1WqmR/IVUk/bpwBj+OeadvKW6Z37bJhTu00oY='; style-src 'self' 'unsafe-inline' fonts.googleapis.com pg-ws-ggz.widget.custhelp.com; report-uri https://errors.connectholland.nl/api/228/security/?sentry_key=f6211e7fc77f4d179394bc8d5d4237c7 1
font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.facebook.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.cloudfront.net *.baen.com *.twitter.com *.twimg.com store.paradoxlabs.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.twitter.com *.fontawesome.com *.facebook.net *.authorize.net js.authorize.net jstest.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.gstatic.com *.twitter.com *.twimg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.authorize.net *.google-analytics.com *.doubleclick.net js.authorize.net jstest.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://translate.google.com https://translate.googleapis.com https://bat.bing.com https://m.addthis.com https://widget.intercom.io  https://app.intercom.io https://js.intercomcdn.com https://platform-api.sharethis.com https://m.addthisedge.com https://buttons-config.sharethis.com https://s7.addthis.com https://inlinemanual.com https://widget.intercom.io https://js.intercomcdn.com https://platform.twitter.com https://code.jquery.com https://cdn.syndication.twimg.com https://stackpath.bootstrapcdn.com; style-src-elem * 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://translate.googleapis.com https://translate.googleapis.com/* https://translate.google.com https://platform-api.sharethis.com https://widget.intercom.io https://code.jquery.com https://js.intercomcdn.com https://connect.facebook.net; img-src * data: blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://platform.twitter.com https://ton.twimg.com; connect-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src 'self' https://www.google.com https://www.googletagmanager.com https://www.googletagmanager.com/* https://twitter.com https://firebasestorage.googleapis.com https://staticxx.facebook.com https://www.facebook.com https://c.sharethis.mgr.consensu.org https://syndication.twitter.com https://platform.twitter.com https://s7.addthis.com; object-src 'none'; media-src * 'unsafe-inline'; report-uri api/v1/public/reports 1
script-src 'self' 'unsafe-eval' https://use.fontawesome.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://static.ctctcdn.com https://translate.googleapis.com; script-src-elem 'self' 'unsafe-inline' translate.google.com www.google.com www.gstatic.com static.ctctcdn.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com translate.googleapis.com bam.nr-data.net js-agent.newrelic.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net translate.googleapis.com static.ctctcdn.com www.gstatic.com https://cdn.jsdelivr.net https://use.fontawesome.com; frame-ancestors 'self' 1
default-src https:; frame-src https:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report.php 1
font-src *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.trustpilot.com *.braintreegateway.com *.kaptcha.com *.cardinalcommerce.com *.mention-me.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.nosto.com *.mention-me.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com invitejs.trustpilot.com polyfill.io connect.nosto.com www.google.com *.gstatic.com *.zendesk.com *.zdassets.com *.mention-me.com *.trustpilot.com *.googleapis.com *.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com connect.nosto.com *.algolia.net *.zendesk.com *.zdassets.com *.zopim.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.trustpilot.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data: https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.simplytel.de https://umfrage.simplytel.de https://pts.simplytel.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://cts.communicationads.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://*.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.simplytel.de https://stats.simplytel.de https://imagepool.simplytel.de https://pts.simplytel.de; script-src 'strict-dynamic' 'nonce-91a7fbed31e0deefa8fd7e9a37c7afae' 'nonce-65096fc09a33bdb95fb4a3549e21b9eb' 'nonce-9fb120991e647175c9596c1e97f6dd7c' 'nonce-fbd24b09e8eba1312758137b82b8d414' 'nonce-fb96de1073e9556ccb91d7c56145d8a2' 'nonce-18ec675cc6539541f8783ee6d113db96' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://connect.facebook.net https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de https://*.demdex.net https://pts.simplytel.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com https://*.demdex.net; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-91a7fbed31e0deefa8fd7e9a37c7afae' 'nonce-65096fc09a33bdb95fb4a3549e21b9eb' 'nonce-9fb120991e647175c9596c1e97f6dd7c' 'nonce-fbd24b09e8eba1312758137b82b8d414' 'nonce-fb96de1073e9556ccb91d7c56145d8a2' 'nonce-18ec675cc6539541f8783ee6d113db96' 'self' https: 'report-sample' 1
font-src fonts.gstatic.com use.typekit.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com commerce.adobe.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com commerce.adobedtm.com commerce.adobedc.net performance.typekit.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://utdrvvtzkqpmtlszwunimosi.httpschecker.net/report 1
font-src *.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.addtoany.com *.facebook.com *.doubleclick.net *.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudfront.net *.facebook.com *.google.com *.google.ru data: *.doubleclick.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googletagmanager.com *.cloudfront.net *.searchspring.net *.klaviyo.com *.addtoany.com *.facebook.net *.doubleclick.net *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.fontawesome.com *.searchspring.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.searchspring.io *.luckyorange.net *.klaviyo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.com.imgeng.in *.cloudfront.net v1.addthisedge.com apps.bazaarvoice.com s.ytimg.com *.avmws.com *.google.com *.auryc.com *.bazaarvoice.com *.listrakbi.com services.listrak.com www.gstatic.com cdn.expertvoice.com secure.rock5rice.com pixel.mathtag.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com dmp.truoptik.com xdymhcopnh.execute-api.us-east-1.amazonaws.com www-propper.com.imgeng.in www.googlecommerce.com *.googleadservices.com script.crazyegg.com *.channeladvisor.com *.facebook.net *.ubembed.com *.b1js.com *.callrail.com bat.bing.com googleads.g.doubleclick.net b1img.com *.youtube.com static.doubleclick.net pixel.adacado.com *.googleapis.com www.propper.com s7.addthis.com m.addthis.com www.googletagmanager.com www.adelixir.com 1
style-src widget.reviews.co.uk cdn.natterly.com 'self' c.disquscdn.com vps.freethought-internet.co.uk; child-src widget.reviews.co.uk disqus.com js.stripe.com; connect-src api-cache.reviews.co.uk api.natterly.com socket.natterly.com 'self' www.freethought.uk cdn.natterly.com vps.freethought-internet.co.uk; font-src cdn.natterly.com 'self' vps.freethought-internet.co.uk; media-src cdn.natterly.com 'self'; script-src widget.reviews.co.uk cdn.natterly.com 'self' js.stripe.com c.disquscdn.com disqus.com freethought-internet.disqus.com vps.freethought-internet.co.uk; img-src www.freethought.uk 'self' cdn.natterly.com files.natterly.com referrer.disqus.com c.disquscdn.com www.paypal.com vps.freethought-internet.co.uk; form-action 'self' portal.freethought.uk www.paypal.com ldex1-plesk3.uk.fi.net.uk ldex1-plesk4.uk.fi.net.uk ldex1-plesk5.uk.fi.net.uk ldex1-plesk6.uk.fi.net.uk www.freethought.uk ldex1-cpanel1.uk.fi.net.uk ldex1-plesk4.uk.fi.net.uk; frame-ancestors 'self'; frame-src disqus.com js.stripe.com widget.reviews.co.uk 'self'; manifest-src 'self'; default-src widget.reviews.co.uk c.disquscdn.com disqus.com; object-src 'self'; report-uri https://freethought.report-uri.com/r/d/csp/wizard 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor script-src 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com *.scoutbags.com platform.twitter.com *.pinterest.com apis.google.com membrain.getsidecar.com script.hotjar.com cdn.jsdelivr.net cdn.bronto.com bat.bing.com bam.nr-data.net js.bronto.com js-agent.newrelic.com ajax.googleapis.com www.googleadservices.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com static.zdassets.com static.hotjar.com s.ytimg.com js.hs-analytics.net js.hs-scripts.com h30-deploy.hiconversion.com staticw2.yotpo.com d3v27wwd40f0xu.cloudfront.net d10lpsik1i8c69.cloudfront.net connect.facebook.net www.youtube.com container.pepperjam.com dev.visualwebsiteoptimizer.com fullstory.com 1
default-src *; script-src 'self' https: *; style-src https: *; img-src *; connect-src 'self' https: *; media-src 'self' https: https://*; child-src 'none' 1
default-src 'self' duncker-humblot.de www.duncker-humblot.de captcha.wirth-horn.de cookiemanager.wirth-horn.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /csp-report.cfm 1
block-all-mixed-content; report-uri https://gesoten.report-uri.com/r/t/csp/reportOnly 1
font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://api.ometria.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://widget.trustpilot.com https://vars.hotjar.com https://www.paypalobjects.com https://lpcdn.lpsnmedia.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https://media.festive-lights.com https://www.festive-lights.com https://trk.ometria.com https://bat.bing.com https://www.google.com https://www.google.co.uk https://www.facebook.com https://paypal-eu-arh.cloudiq.com https://lpcdn.lpsnmedia.net https://t.co 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com polyfill.io https://static.hotjar.com https://script.hotjar.com https://widget.trustpilot.com https://invitejs.trustpilot.com https://www.googletagmanager.com https://cdn.ometria.com https://cdn.cookielaw.org https://ajax.googleapis.com https://lptag.liveperson.net https://festi11112.pcapredict.com https://static.ads-twitter.com https://bat.bing.com https://connect.facebook.net https://www.gstatic.com https://googleads.g.doubleclick.net https://stglite.bglobale.com https://paypal-eu-arh.cloudiq.com https://paypal-eu-cdn.cloudiq.com https://accdn.lpsnmedia.net https://va.v.liveperson.net https://lpcdn.lpsnmedia.net https://static-eu.payments-amazon.com https://analytics.twitter.com https://tag.mention-me.com https://static.mention-me.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://optanon.blob.core.windows.net https://stglite.bglobale.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net https://www.google-analytics.com https://www.googleadservices.com https://www.google.co.uk https://stats.g.doubleclick.net https://payments-uk.amazon.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' images.masterlogin.de; media-src 'none'; frame-src 'none'; connect-src *; report-uri /violation.php 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.hermandadblanca.org cdn.ampproject.org cdn.onesignal.com onesignal.com www.googletagmanager.com www.google-analytics.com blob:; connect-src 'self' onesignal.com cdn.ampproject.org www.googletagmanager.com; img-src 'self' cdn.hermandadblanca.org www.google-analytics.com www.google.com www.google.es stats.g.doubleclick.net img.onesignal.com gravatar.com data:; style-src 'self' 'unsafe-inline' cdn.hermandadblanca.org onesignal.com fonts.googleapis.com; font-src 'self' cdn.hermandadblanca.org fonts.gstatic.com data:; frame-src onesignal.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wistia.com www.google-analytics.com www.google.com www.googletagmanager.com libs.na.bambora.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.egbc.ca data: i.ytimg.com cdn.na.bambora.com *.wistia.com embedwistia-a.akamaihd.net www.google-analytics.com www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net; connect-src 'self' *.wistia.com embedwistia-a.akamaihd.net www.google-analytics.com *.litix.io; worker-src 'self' blob:; frame-src 'self' www.youtube.com www.google.com libs.na.bambora.com *.wistia.com; report-uri https://egbc.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://csp.rcahms.gov.uk/ncap-live; 1
frame-ancestors 'none'; block-all-mixed-content; object-src 'none'; report-uri https://sentry.io/api/161479/security/?sentry_key=9c457471fc3c4ce0a248b295ec84cb32 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.youtube.com video.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.tiles.mapbox.com/ https://code.jquery.com/ https://unpkg.com/ https://fonts.gstatic.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/ https://ajax.googleapis.com/ www.google.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.tiles.mapbox.com/ https://code.jquery.com/ https://unpkg.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/ https://ajax.googleapis.com/ www.google.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.gstatic.com; object-src 'self'; connect-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com ;img-src 'self' 'unsafe-inline' https://api.tiles.mapbox.com/ https://unpkg.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ www.google.com ajax.googleapis.com www.google-analytics.com stats.g.doubleclick.net data: ; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://unpkg.com/ https://fonts.gstatic.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/;  1
script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-5b752f612e8308e7c0cabe485e1002aa' 'sha384-7uqQfGVKWAthYOKjE4CToVZDjNGO+rxLDL5sFo1HUI3u+vwLmAinEM0/LcURoj1h' 'sha256-spTpc4lvj4dOkKjrGokIrHkJgNA0xMS98Pw9N7ir9oI=' 'sha384-4FS9nLDjKOPIgz/SgGvZV4C8RHHRyRP1Fb6ZW/XH/o8PFaviPmgzLc6kOS2GQ87x' 'sha384-3vojR0D/VZNPM9rutbkAQlVZeDVrc50TkyBVfVpqoZzVQpWA65x5mQXOij0vt2Cu' 'sha384-VI5+XuguQ/l3kUhh4knz7Hxptx47wpQbVRDnp8v7Vvuhzwn1PEYb/uvtH6KLxv6d' 'report-sample'; object-src 'none'; base-uri 'self'; connect-src https://doordash.com https://analytics.google.com https://api.amplitude.com https://ct.pinterest.com https://p.tvpixel.com https://api.segment.io https://bat.bing.com https://www.facebook.com https://sentry.io https://bam.nr-data.net https://page-service-qa.doordash.com https://page-service.doordash.com https://cdn.doordash.com https://tn.alphonso.tv https://s3-design-language-system.cdn4dd.com https://logx.optimizely.com https://*.optimizely.com https://www.google-analytics.com https://www.doordash.com https://stats.g.doubleclick.net https://www.google-analytics.com https://order.online https://*.order.online https://preview.trycaviar.com https://staging.trycaviar.com https://qa.trycaviar.com/ https://www.trycaviar.com https://trycaviar.com https://www.google.com https://client-analytics.braintreegateway.com https://api.braintreegateway.com https://payments.braintree-api.com https://wwww.google.ca https://wwww.google.com.au https://api.doordash.com https://api-consumer-client.doordash.com https://www.paypal.com; frame-ancestors 'self'; report-uri https://sentry.io/api/5175049/security/?sentry_key=c269bf7b8bc44929b43bbb29e11cece5&sentry_environment=prod; worker-src 'none' 1
default-src 'self' www.google-analytics.com www.googletagmanager.com *.formitable.com www.w3.org connect.facebook.net *.facebook.com secure-hotel-tracker.com player.vimeo.com www.youtube.com js-agent.newrelic.com bam.nr-data.net *.cookiebot.com  https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' https://optimize.google.com https://*.loyaltyinabox.com https://iframeshop.chipta.com 'unsafe-eval' data:; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' www.facebook.com www.google-analytics.com www.googletagmanager.com https://optimize.google.com https://bam.nr-data.net https://www.gstatic.com https://secure.gravatar.com https://translate.google.com data:; style-src 'self' https://optimize.google.com https://fonts.googleapis.com *.formitable.com https://secure.gravatar.com/ https://translate.googleapis.com 'unsafe-inline' data:; connect-src 'self' https://www.facebook.com *.formitable.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net www.google-analytics.com; frame-src 'self' www.google-analytics.com www.googletagmanager.com *.formitable.com https://*.youtube.com www.w3.org connect.facebook.net *.facebook.com secure-hotel-tracker.com player.vimeo.com www.youtube.com js-agent.newrelic.com bam.nr-data.net *.cookiebot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://optimize.google.com https://*.loyaltyinabox.com https://iframeshop.chipta.com https://w.soundcloud.com https://www.mixcloud.com/ 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors: self https://*.volkshotel.nl; base-uri: 'self'; form-action: 'self'; report-uri https://volkshotel0.report-uri.com/r/d/csp/reportOnly; 1
report-uri /web/reportreceiver; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.googleapis.com https://*.googleapis.com  https://*.google-analytics.com https://*.google.com https://*.webspellchecker.net https://js-agent.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://static.addtoany.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google-analytics.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com https://*.googleapis.com https://*.google.com https://*.webspellchecker.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://www.gstatic.com r.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://i.ytimg.com https://*.ytimg.com https://*.googleapis.com; media-src 'self' data: http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com  https://*.google-analytics.com https://*.google.com https://*.webspellchecker.net https://stats.g.doubleclick.net; frame-src https://*.webspellchecker.net https://static.addtoany.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://maps.google.com https://player.vimeo.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://stats.addtoany.com https://stats.g.doubleclick.net https://www.google-analytics.com; report-uri /report-csp-violation 1
report-uri https://csp.edipresse.pl/report/viva; font-src https: data:; img-src data: https: android-webview-video-poster: android-webview:; media-src https: data:; style-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: asset:; worker-src blob: 1
default-src 'none' ; script-src 'self' 'unsafe-inline' fonts.googleapis.com d2wy8f7a9ursnm.cloudfront.net maps.googleapis.com www.google-analytics.com pendo-io-static.storage.googleapis.com app.pendo.io cdn.pendo.io pendo-static-5419957858336768.storage.googleapis.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com app.pendo.io cdn.pendo.io pendo-static-5419957858336768.storage.googleapis.com; img-src 'self' data: *.locus-api.com www.google-analytics.com s3.amazonaws.com maps.gstatic.com maps.googleapis.com cdn.pendo.io app.pendo.io pendo-static-5419957858336768.storage.googleapis.com blob:; font-src 'self' fonts.gstatic.com; connect-src *.locus-api.com www.google-analytics.com *.bugsnag.com s3.amazonaws.com app.pendo.io *.zendesk.com blob:; media-src 'self' ; object-src 'none' ; frame-src * ; frame-ancestors app.pendo.io; report-uri https://locus.report-uri.com/r/d/csp/reportonly; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://qualys.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: l7.dca0.com sn.dca0.com l8.dca0.com s.swiftypecdn.com l10.dca0.com l9.dca0.com l0.dca0.com stats.g.doubleclick.net sn36.dca0.com d.adroll.com www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com s.swiftypecdn.com fonts.googleapis.com; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ajax.googleapis.com s.dca0.com s.swiftypecdn.com xds.dca0.com d.adroll.com googleads.g.doubleclick.net d.adroll.mgr.consensu.org cdn.jsdelivr.net www.googleadservices.com stackpath.bootstrapcdn.com connect.facebook.net s.adroll.com www.googletagmanager.com cdnjs.cloudflare.com www.google-analytics.com code.jquery.com; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: calcubot.com; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: pixel.rubiconproject.com us-u.openx.net www.google.com dsum-sec.casalemedia.com ups.analytics.yahoo.com x.bidswitch.net pixel.advertising.com idsync.rlcdn.com pippio.com sync.taboola.com cc.swiftype.com d.adroll.com www.facebook.com ib.adnxs.com cx.atdmt.com sync.outbrain.com www.google-analytics.com ; form-action 'none' data: blob: ; report-uri /csp_report 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.igenex.com fasttiger.io connect.facebook.net apis.google.com developers.google.com ajax.googleapis.com maps.googleapis.com www.google.com www.googletagmanager.com *.google-analytics.com www.gstatic.com script.hotjar.com static.hotjar.com pi.pardot.com assets.pinterest.com log.pinterest.com sibautomation.com sibforms.com static.ads-twitter.com analytics.twitter.com *.wp.com www.youtube.com s.ytimg.com unpkg.com *.trustcommerce.com cdnjs.cloudflare.com assets.calendly.com rawgit.com; style-src 'self' 'unsafe-inline' cdn.igenex.com *.fontawesome.com fonts.googleapis.com *.gstatic.com *.wp.com; img-src 'self' data: s3.amazonaws.com graph.facebook.com www.facebook.com connect.facebook.net platform-lookaside.fbsbx.com www.google.com secure.gravatar.com *.google-analytics.com cdn.igenex.com *.w.org *.wp.com maps.gstatic.com maps.googleapis.com; connect-src 'self' 'self' fasttiger.io www.google-analytics.com stats.g.doubleclick.net in.hotjar.com vars.hotjar.com in-automate.sendinblue.com sibautomation.com my.yoast.com graph.facebook.com r.email.igenex.com; font-src 'self' data: cdn.igenex.com fonts.gstatic.com *.fontawesome.com wordpress.com *.wp.com; frame-src 'self' www.facebook.com staticxx.facebook.com vars.hotjar.com sibautomation.com *.wp.com *.youtube.com *.vimeo.com calendly.com *.calendly.com; block-all-mixed-content 1
script-src 'nonce-YLoj5Oa7fcEmRG9Ub_X6HA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/startup_google_com; base-uri 'none' 1
script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; report-uri /csp-report 1
default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.se ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com sanalytics.spreadshirt.se *.spreadshirt.se ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.spreadshirt.se ; font-src 'self' https: data: *.spreadshirt.se ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.se ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.se ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1
script-src 'nonce-3SABCAhCfDi0kwwmzVbKQA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; 1
default-src * 'unsafe-eval' 'unsafe-inline' 'self' blob:; font-src 'self' https://vjs.zencdn.net https://fonts.gstatic.com data:; img-src * data:; media-src 'self' https://vjs.zencdn.net https://*.brightcove.com blob:; worker-src 'self' blob:; object-src 'self'; frame-ancestors 'self'; report-uri /ContentSecurityPolicy/Report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.archive-it.org archive-it.org *.qa-archive-it.org qa-archive-it.org archive.org *.archive.org https://*.archive-it.org https://archive-it.org https://*.qa-archive-it.org https://qa-archive-it.org https://archive.org https://*.archive.org data: blob: ; frame-src 'self' *.archive-it.org archive-it.org *.qa-archive-it.org qa-archive-it.org archive.org *.archive.org https://*.archive-it.org https://archive-it.org https://*.qa-archive-it.org https://qa-archive-it.org https://archive.org https://*.archive.org ; report-uri https://partner.archive-it.org/csp-report 1
frame-ancestors 'self'; default-src 'self'; script-src maps.googleapis.com server.adform.net cdn.adtelligence.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com 'self' 'unsafe-inline'; img-src maps.googleapis.com maps.gstatic.com mediafra.admiralcloud.com images.admiralcloud.com cdn.adtelligence.de blob: data: 'self'; font-src fonts.gstatic.com player.admiralcloud.com data: 'self';connect-src api.admiralcloud.com mediafra.admiralcloud.com 'self'; prefetch-src *.admiralcloud.com *.googleapis.com 'self'; frame-src tk.moovit24.de 'self'; worker-src blob: 'self'; media-src mediafra.admiralcloud.com api.admiralcloud.com blob: 'self'; report-uri https://www.tk.de/service/rest/cspviolation/report 1
font-src * data:; default-src * gap://ready file: 'unsafe-inline' 'unsafe-eval'; script-src * file: gap: 'unsafe-inline' 'unsafe-eval'; connect-src * 'self'; img-src * 'self' data: blob:; style-src * 'unsafe-inline'; report-uri /csp/report/ 1
font-src fonts.gstatic.com staticw2.yotpo.com maxcdn.bootstrapcdn.com cdn1.stamped.io 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.facebook.com www.google.com t.zip.co www.youtube.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.googleadservices.com www.google-analytics.com https://static.afterpay.com static.secure-afterpay.com.au www.facebook.com stats.g.doubleclick.net www.google.com www.google.com.au staticw2.yotpo.com p.yotpo.com cdn-yotpo-images-production.yotpo.com cfvod.kaltura.com cdn.stamped.io cdn1.stamped.io *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.googleadservices.com www.google-analytics.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://polyfill.io www.googletagmanager.com chimpstatic.com connect.facebook.net www.facebook.com seal.geotrust.com static.zipmoney.com.au api.instagram.com www.google.com www.gstatic.com staticw2.yotpo.com http://ea.test:35729 cdn1.stamped.io js.braintreegateway.com browser.sentry-cdn.com edge.fullstory.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ fonts.googleapis.com maxcdn.bootstrapcdn.com staticw2.yotpo.com cdn1.stamped.io tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com *.algolia.net t.zip.co api.zipmoney.com.au staticw2.yotpo.com ws://ea.test:35729 cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://sentry.io/api/1318134/security/?sentry_key=180a5bb8e9f14da280c79e29fca852e9 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com *.wesupply.xyz *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.coachseye.com *.stripe.com platform.twitter.com apis.google.com *.cloudfront.net *.doubleclick.net script.crazyegg.com www.techsmith.com *.googleapis.com *.googlecode.com www.googleadservices.com *.addthis.com connect.facebook.net az416426.vo.msecnd.net www.google-analytics.com analytics.twitter.com static.ads-twitter.com www.youtube.com www.googletagmanager.com cdn.cookielaw.org geolocation.onetrust.com tagmanager.google.com;object-src *.coachseye.com assets.techsmith.com;style-src 'self' 'unsafe-inline' *.coachseye.com www.techsmith.com tagmanager.google.com fonts.googleapis.com optimize.google.com;img-src 'self' *.coachseye.com *.stripe.com www.facebook.com *.twitter.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net secure.gravatar.com t.co www.google-analytics.com stats.g.doubleclick.net data: *.gstatic.com *.googleapis.com *.pinimg.com *.blogspot.com www.google.com;media-src *.coachseye.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net;frame-src *.cloud.tsc-dev.co *.tsc-stage.co *.coachseye.com platform.twitter.com staticxx.facebook.com www.youtube.com *.stripe.com www.googletagmanager.com bid.g.doubleclick.net;font-src 'self' *.coachseye.com www.techsmith.com use.typekit.net fonts.gstatic.com;connect-src 'self' *.stripe.com performance.typekit.net az416426.vo.msecnd.net dc.services.visualstudio.com *.cloud.tsc-dev.co *.tsc-stage.co *.techsmith.com cdn.cookielaw.org privacyportal.onetrust.com tscstoragedev1.blob.core.windows.net tscstoragestage01.blob.core.windows.net tscstoragestagea01.blob.core.windows.net techsmithstorage.blob.core.windows.net;frame-ancestors 'self' *;report-uri https://coachseye.report-uri.com/r/d/csp/reportOnly 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://myopfwsstaftavrgb007rwpl.httpschecker.net/report 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com snap.licdn.com js.hs-scripts.com js.hs-analytics.net js.usemessages.com connect.facebook.net https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.gstatic.com www.verasafe.com *.hsforms.net *.hsforms.com js.hsleadflows.net; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com fonts.googleapis.com; img-src 'self' img.youtube.com i.ytimg.com track.hubspot.com www.google.com www.google.co.in www.google-analytics.com stats.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.cloudfront.net *.hsforms.com *.linkedin.com; media-src 'self' *.youtube.com ; frame-src 'self' *.youtube.com staticxx.facebook.com forms.hsforms.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com; frame-ancestors 'self' *.youtube.com ; child-src 'self' *.youtube.com ; font-src 'self' fonts.gstatic.com; connect-src 'self' *.youtube.com *.googlevideo.com api.hubspot.com https://googleads.g.doubleclick.net *.doubleclick.net www.google.com www.google.co.in www.googleadservices.com www.googletagmanager.com www.google-analytics.com forms.hubspot.com; report-uri /report-csp-violation 1
base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://myaccount.sure.com myaccount.sure.com https://myaccounttest.sure.com:2087 myaccounttest.sure.com:2087 https://rec.smartlook.com rec.smartlook.com https://ekr.zdassets.com ekr.zdassets.com https://*.zopim.com *.zopim.com wss://widget-mediator.zopim.com https://*.searchiq.co *.searchiq.co; font-src 'self' https://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net use.typekit.net https://*.zopim.com *.zopim.com https://*.searchiq.co *.searchiq.co data:; form-action 'self' https://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com youtube.com https://*.twitter.com *.twitter.com https://*.doubleclick.net *.doubleclick.net; img-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.google.com www.google.com https://www.google.co.uk www.google.co.uk https://t.co t.co https://www.facebook.com www.facebook.com https://v2.zopim.com v2.zopim.com https://*.doubleclick.net *.doubleclick.net https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com https://*.searchiq.co *.searchiq.co blob: data:; media-src https://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://myaccount.sure.com myaccount.sure.com https://myaccounttest.sure.com:2087 myaccounttest.sure.com:2087 https://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com www.googleadservices.com https://*.googleapis.com *.googleapis.com https://*.doubleclick.net *.doubleclick.net https://v2.zopim.com v2.zopim.com https://static.zdassets.com static.zdassets.com https://*.twitter.com *.twitter.com https://static.ads-twitter.com static.ads-twitter.com https://*.facebook.net *.facebook.net https://rec.smartlook.com rec.smartlook.com https://*.twimg.com *.twimg.com https://*.searchiq.co *.searchiq.co 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net *.typekit.net https://*.googleapis.com *.googleapis.com https://*.twitter.com *.twitter.com https://*.twimg.com *.twimg.com https://*.searchiq.co *.searchiq.co 'unsafe-inline'; 1
connect-src 'self' https://s.yimg.com https://rtr.innovid.com https://*.yahoo.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://*.yahoo.net https://ad.doubleclick.net; style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; img-src 'self' data: blob: about: https://*.yimg.com https://*.yahoo.com https://sb.scorecardresearch.com https://*.doubleclick.net https://*.adsafeprotected.com https://*.googlesyndication.com; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=6ad9pulfmqvdc&partner=; 1
policy-uri /http://204.131.106.240:10514 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.livechatinc.com www.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.ave40.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.twitter.com *.google.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.livechatinc.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://vapeman.report-uri.com/a/d/g; report-to report-endpoint; 1
upgrade-insecure-requests; default-src 'self';frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https://mws.acculynk.net; frame-src 'self' blob: https://*.jailatm.com https://*.cardinalcommerce.com; connect-src https://*.jailatm.com wss://*.jailatm.com https://bam.nr-data.net https://js-agent.newrelic.com https://ssl.google-analytics.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mws.acculynk.net https://ssl.google-analytics.com https://bam.nr-data.net https://js-agent.newrelic.com; media-src blob: https://*.jailatm.com; img-src 'self' blob: data: https://*.jailatm.com https://ssl.google-analytics.com; report-uri https://prod-85.eastus.logic.azure.com:443/workflows/5ab0d436f1e94b2ebb498123cf4e6237/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=5-sg8d7JXNkpqHqBZg7Z_eRksM6krb36tWkzTRxxavc 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://dmzls-dub-mc.safe-installation.com/poker 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.gstatic.com *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://embed.videodelivery.net https://stackpath.bootstrapcdn.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://code.jquery.com; connect-src 'self' https://127.0.0.1:41951 https://localhost:41951; img-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdn.datatables.net; font-src 'self' data: https://fonts.gstatic.com; child-src 'self' https://www.youtube-nocookie.com https://*.google.com https://*.google.de; media-src 'self'; form-action 'self' https://*.formulastudent.de https://*.fs-g.org https://www.paypal.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://fsgde.report-uri.com/r/d/csp/enforce 1
font-src maxcdn.bootstrapcdn.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.authorize.net *.sharethis.mgr.consensu.org *.sharethis.com *.doubleclick.net data: 'self' *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.magentocommerce.com *.googleadservices.com *.google-analytics.com *.paypal.com data: *.cheesecake.com.au *.doubleclick.net *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.paypal.com *.assets.adobedtm.com *.sharethis.com *.googleadservices.com *.google.com *.gstatic.com *.bronto.com *.googleapis.com *.brontops.com *.cardinalcommerce.com *.signifyd.com *.adform.net https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.sharethis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.cardinalcommerce.com *.bronto.com *.brontops.com *.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cheesecake.com.au/; report-to report-endpoint; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.toolpartsdirect.com ssl.google-analytics.com d.impactradius-event.com www.googletagmanager.com   www.googlecommerce.com *.google.com s.ytimg.com www.youtube-nocookie.com *.addthis.com z.moatads.com v1.addthisedge.com static-na.payments-amazon.com js.braintreegateway.com logs-01.loggly.com www.paypalobjects.com c.paypal.com assets.braintreegateway.com flex.msn.com *.cloudmaestro.com *.cloudflare.com www.googleadservices.com bat.bing.com 1
default-src 'self' 'unsafe-inline' data: logger.scot.nhs.uk *.google-analytics.com www.googletagmanager.com *.fontawesome.com use.typekit.net *.google.com *.googleapis.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com *.addthis.com *.addthisedge.com *.twitter.com *.twimg.com connect.facebook.net graph.facebook.com *.youtube.com *.ytimg.com player.vimeo.com content.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com; worker-src 'self'; frame-ancestors 'self'; base-uri 'self'; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report; report-to csp-endpoint 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://pcls.report-uri.com/r/d/csp/reportOnly 1
default-src 'self'; object-src 'self'; base-uri 'self'; img-src https: data: https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://chat.yourfone.de https://umfrage.yourfone.de https://pts.yourfone.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://cts.communicationads.net https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://*.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://chat.yourfone.de https://stats.yourfone.de https://imagepool.yourfone.de https://pts.yourfone.de; script-src 'strict-dynamic' 'nonce-90931ab0e3e1953388c0e0232d0a4603' 'nonce-989031f1cfca67e4ef1575449ffc390b' 'nonce-84813f54d46a2a0be5b51198a9a7ea46' 'nonce-7bcd7fb5f25e96fc4cfe50b596fc5755' 'nonce-5bc1ffd4bdca1eb8eb7fe13f88d339aa' 'self' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://www.facebook.com https://connect.facebook.net https://tags.tiqcdn.com https://cdn2.spatialbuzz.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com https://www.awin1.com https://paketshop.myhermes.de https://*.demdex.net https://pts.yourfone.de; child-src https://www.youtube.com https://cdn2.spatialbuzz.com https://trck.spoteffects.net https://www.googleadservices.com https://www.facebook.com https://tags.tiqcdn.com https://ad13.adfarm1.adition.com https://*.demdex.net; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-90931ab0e3e1953388c0e0232d0a4603' 'nonce-989031f1cfca67e4ef1575449ffc390b' 'nonce-84813f54d46a2a0be5b51198a9a7ea46' 'nonce-7bcd7fb5f25e96fc4cfe50b596fc5755' 'nonce-5bc1ffd4bdca1eb8eb7fe13f88d339aa' 'self' https: 'report-sample' 1
default-src 'self' pr.prchecker.info www.zip.dk zipstat.dk; style-src 'self' 'unsafe-inline'; script-src 'self' www.zip.dk www.zipstat.dk 'unsafe-inline'; upgrade-insecure-requests; report-uri https://tryl.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; connect-src https: wss:; block-all-mixed-content; report-uri https://4care.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://www.ergo-webreporting.com/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://www.ergo-webreporting.com/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ data:; report-uri /report-csp-violation 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com secure.authorize.net test.authorize.net www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagservices.com https://apis.google.com https://connect.facebook.net https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://gstatic.com https://www.googletagmanager.com https://google-analytics.com https://t.womtp.com https://api.ipify.org https://maps.googleapis.com https://www.google.com *.vo.msecnd.net https://static.criteo.net https://bucket.cdnwebcloud.com https://stats.g.doubleclick.net https://static.hotjar.com https://ws.walmeric.com https://sslwidget.criteo.com https://script.hotjar.com https://pagead2.googlesyndication.com https://neural29.cdnwebcloud.com https://sb.scorecardresearch.com https://ad.doubleclick.net https://ads.profilemkt.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com gstatic.com; img-src 'self' data: *.azureedge.net https://maps.gstatic.com https://maps.googleapis.com https://csi.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com https://magazine.solvia.es *.blob.core.windows.net https://plataforma-des.infosolvia.es https://cdnpcomercialsolvia.azureedge.net https://www.google.com https://www.google.es https://sb.scorecardresearch.com *.g.doubleclick.net https://www.facebook.com https://t.womtp.com https://pagead2.googlesyndication.com *.cdnwebcloud.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://dc.services.visualstudio.com https://in.hotjar.com *.cdnwebcloud.com; object-src 'self' https://www.google.com; frame-ancestors 'none'; form-action 'self' https://www.facebook.com; report-uri https://69b2b976c6287d70a018dda40c4a3fca.report-uri.com/r/d/csp/reportOnly 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://extend.vimeocdn.com https://bam.nr-data.net https://js-agent.newrelic.com https://img.en25.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.google.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://www.cranepi.com/en/report-uri/reportOnly 1
default-src 'self'; object-src 'none'; font-src data: 'self'; style-src 'self' 'unsafe-inline'; img-src data: *.kelag.at www.google.com www.google.at www.google-analytics.com www.facebook.com seal.digicert.com bat.bing.com; connect-src *.kelag.at kelag.custhelp.com www.google.com www.google-analytics.com *.doubleclick.net bat.bing.com; frame-src *.kelag.at *.doubleclick.net *.cookiebot.com www.facebook.com; script-src 'unsafe-inline' ; script-src-elem https: 'unsafe-inline' *.kelag.at *.cookiebot.com seal.digicert.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com connect.facebook.net; report-uri https://kelag.report-uri.com/r/d/csp/wizard; 1
font-src *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net store.paradoxlabs.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce-VUDa2lhYezBLaiHmgvAx' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /api/csp/report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: secure.gravatar.com; report-uri https://chapinc.org?gdsih-csp-report; 1
default-src https://www.regionorebrolan.se:443;script-src *.google.com ssl.google-analytics.com ssl.webserviceaward.com *.orebroll.se www.regionorebrolan.se https://js-agent.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval'  data:;style-src  'self' 'unsafe-inline' ssl.webserviceaward.com;img-src *.orebroll.se ssl.google-analytics.com ssl.webserviceaward.com www.regionorebrolan.se 'self' data:;media-src rstts.readspeaker.com app.readspeaker.com streamio.com video.orebroll.se;frame-src *.youtube.com app.readspeaker.com  rstts.readspeaker.com media.readspeaker.com www.regionorebrolan.se https://streamio.com https://video.orebroll.se https://solaris.orebroll.se https://app.powerbi.com;connect-src rstts.readspeaker.com;report-uri https://www.regionorebrolan.se/csp-report 1
report-uri https://wwwhellobankat.report-uri.com/r/d/csp/reportOnly; 1
object-src 'none'; block-all-mixed-content; frame-ancestors 'none'; report-uri https://sentry.io/api/161479/security/?sentry_key=9c457471fc3c4ce0a248b295ec84cb32 1
frame-ancestors 'self'; report-uri https://c4b562ef207d9ca89618f9d5f5a9d1d9.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self' data: blob: *.tiktokcdn.com *.akamaized.net *.tiktok.com *.byteoversea.com *.ibytedtos.com *.tiktokcdn-in.com;connect-src *.google-analytics.com *.ibytedtos.com *.bytedanceapi.com *.tiktokv.com *.tiktok.com *.byteoversea.com *.tiktokcdn.com *.tiktokcdn-in.com *.hypstarcdn.com *.ipstatp.com *.bytedance.com;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.byteoversea.com *.ibytedtos.com *.ipstatp.com *.tiktok.com *.tiktokcdn-in.com *.tiktokcdn.com *.hypstarcdn.com *.googletagmanager.com *.google-analytics.com *.akamaized.com *.googleapis.com *.sgpstatp.com 'nonce-CQO1hcY3tiiotIsRK7tCb';style-src 'unsafe-inline' *.tiktokcdn.com *.tiktokcdn-in.com *.akamaized.net *.ibytedtos.com *.tiktok.com *.ipstatp.com *.ibyteimg.com *.googleapis.com;img-src data: *.akamaized.net *.tiktokcdn.com *.tiktokcdn-in.com *.ibytedtos.com *.ibyteimg.com *.tiktok.com *.hypstarcdn.com *.facebook.com *.google-analytics.com *.googletagmanager.com;frame-src *.tiktok.com;media-src blob: *.tiktok.com *.tiktokv.com *.tiktokcdn.com *.tiktokcdn-in.com *.akamaized.net *.ibyteimg.com *.ibytedtos.com;report-uri https://mon-va.byteoversea.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=tiktok_web 1
script-src 'self' https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://www.google.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
font-src *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.hotjar.com *.facebook.com *.braintreegateway.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.apptrian.com data: *.facebook.com *.feefo.com *.linksynergy.com *.visualwebsiteoptimizer.com *.doubleclick.net *.google.com https://t.co *.google.co.uk *.google.hu *.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com *.crazyegg.com *.rmtag.com *.visualwebsiteoptimizer.com *.facebook.net *.feefo.com *.googletagmanager.com *.google.com *.googleapis.com *.hotjar.com *.ads-twitter.com *.twitter.com *.salesfire.co.uk *.doubleclick.net *.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.typekit.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es www.apptrian.com *.feefo.com *.paypal.com *.braintree-api.com *.smartmetrics.co.uk *.hotjar.com *.hotjar.io *.salesfire.co.uk yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://drbservices.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://zhklrkwwz3qjjxbsljqmqe2b.httpschecker.net/report 1
font-src *.gstatic.com *.googleapis.com smhttp-ssl-85991.nexcesscdn.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.hotjar.com *.trustpilot.com smhttp-ssl-85991.nexcesscdn.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.ometria.com *.nosto.com *.trust-provider.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.ytimg.com *.cloudfront.net 'self' data: smhttp-ssl-85991.nexcesscdn.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.trust-provider.com *.trustpilot.com *.nosto.com *.popupdomination.com *.criteo.net *.licdn.com *.ometria.com *.facebook.net *.riskified.com *.google-analytics.com *.gstatic.com *.google.com *.amazon.co.uk *.amazon.com *.payments-amazon.com smhttp-ssl-85991.nexcesscdn.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com savile-row.whoson.com *.gstatic.com *.trustedshops.com *.usercentrics.eu smhttp-ssl-85991.nexcesscdn.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trustpilot.com *.nosto.com *.paypal.com *.amazon.co.uk *.amazon.com *.payments-amazon.com smhttp-ssl-85991.nexcesscdn.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com scontent.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.kxcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk www.youtube-nocookie.com; script-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk cdn.ravenjs.com ssl.google-analytics.com www.google-analytics.com static.addtoany.com dfsrovckda8bt.cloudfront.net hitcounter.servmetric.com www.google.com maps.google.com maps.google.co.uk translate.google.com maps-api-ssl.google.com translate.googleapis.com ajax.googleapis.com www.googletagmanager.com platform.twitter.com babm.texthelp.com plus.browsealoud.com *.tawk.to cdn.jsdelivr.net cdn.syndication.twimg.com https://e.issuu.com https://www.gstatic.com/recaptcha/ websurveys2.servmetric.com websurveys2.govmetric.com hitcounter.govmetric.com content.govdelivery.com cdn.mxpnl.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' www.charnwood.gov.uk fonts.googleapis.com dfsrovckda8bt.cloudfront.net maps.google.com maps.google.co.uk *.googleapis.com plus.browsealoud.com cdn.jsdelivr.net platform.twitter.com ton.twimg.com websurveys2.govmetric.com websurveys2.servmetric.com 'unsafe-inline'; img-src 'self' data: www.charnwood.gov.uk secure.cuttlefish.com static.cuttlefish.com ssl.google-analytics.com www.google-analytics.com dfsrovckda8bt.cloudfront.net www.google.com maps.google.com maps.google.co.uk *.gstatic.com *.googleapis.com translate.google.com maps-api-ssl.google.com babm.texthelp.com plus.browsealoud.com syndication.twitter.com platform.twitter.com stats.g.doubleclick.net cdn.syndication.twimg.com ton.twimg.com pbs.twimg.com abs.twimg.com https://*.ggpht.com static-v.tawk.to websurveys2.govmetric.com websurveys2.servmetric.com content.govdelivery.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com static-v.tawk.to; connect-src 'self' www.charnwood.gov.uk ssl.google-analytics.com www.google-analytics.com translate.googleapis.com babm.texthelp.com plus.browsealoud.com baspeech.speechstream.net sentry.cuttlefish.com https://stats.g.doubleclick.net *.tawk.to wss://*.tawk.to https://api.mixpanel.com ; frame-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk static.addtoany.com platform.twitter.com syndication.twitter.com www.facebook.com www.facebook.com websurveys.servmetric.com www.youtube-nocookie.com https://e.issuu.com https://www.google.com/recaptcha/ va.tawk.to websurveys2.govmetric.com; media-src 'self' www.charnwood.gov.uk my.charnwood.gov.uk baspeech.speechstream.net; frame-ancestors 'self' www.charnwood.gov.uk my.charnwood.gov.uk; child-src 'self' va.tawk.to; form-action 'self' www.charnwood.gov.uk my.charnwood.gov.uk pa.charnwood.gov.uk va.tawk.to https://public.govdelivery.com/accounts/UKCHARNWOOD/subscribers/qualify; report-uri https://us-central1-domains-174713.cloudfunctions.net/csp?report_only; 1
report-uri https://44481d4b4b55ba9f3c6f633aa6a0c151.report-uri.com/r/d/csp/reportOnly 1
default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 1
script-src 'nonce-eIaFxohNccqCpKrgUtIkuw' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com api.razorpay.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com cdn.razorpay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src member-http.prod.meta-infra.org search-http.prod.meta-infra.org feed-http.prod.meta-infra.org library-http.prod.meta-infra.org login.meta.org 'self' https://api.segment.io https://sdk.split.io https://ekr.zdassets.com https://metaorg.zendesk.com https://sczimetaprod.112.2o7.net https://events.split.io https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://*.appcues.com wss://api.appcues.net https://www.google-analytics.com/ sentry.prod.si.czi.technology stats.g.doubleclick.net; default-src 'self'; font-src 'self' data: https://assets.beta.meta.org/ fonts.gstatic.com; frame-src 'self' https://czi.demdex.net login.meta.org https://*.appcues.com https://fast.wistia.net/; img-src 'self' https://sci-assets-prod.s3.amazonaws.com www.google.com www.google.ca www.google.co.jp www.google.es www.facebook.com www.google.de www.google.co.uk www.gstatic.com www.google-analytics.com https://assets.beta.meta.org/; media-src 'self' https://metascience.wistia.com; object-src 'none'; report-uri https://sentry.prod.si.czi.technology/api/23/security/?sentry_key=3e6b0c6222e64bf5bc9bb3823e5e66a2; script-src https://www.meta.org 'unsafe-inline' 'self' https://cdn.split.io https://cdn.segment.com https://static.zdassets.com https://cdn.tt.omtrdc.net https://chanzuckerberginitia.tt.omtrdc.net https://www.google-analytics.com https://connect.facebook.net https://sczimetaprod.112.2o7.net https://browser.sentry-cdn.com https://*.opendns.com https://*.appcues.com 'sha256-paq8+WqUzSOxxoNbBRGI1F4/BFCYHTJ5UzwJBhUJz7E=' 'sha256-eidyCkg2danG17C9fZzhZldEmrvc2mvl4VTLqUQ6iTA=' 'sha256-JFaR/qkbjWPZg08Af+AbnNmSCKjhm+iiXW9KIhkF0Hk=' 'sha256-m5ynRuriW968nCaqAHEVZh5n23gbkA8SWJce5pg3Hjk=' 'sha256-XJGgf+z+yxS6JUhrhvkSBSSysybBCwBmoKA/NUyW2xs=' 'sha256-oYXDhhrm/6+OlwREVlhp1u3chXAgdEHZIXQDamEj08o='; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://*.appcues.com https://assets.beta.meta.org/ 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'self'; connect-src 'self'; font-src * 'self' data: ; frame-src 'self' https://www.youtube-nocookie.com; img-src * 'self' data: etasmatomo.de.bosch.com:8443 ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' etasmatomo.de.bosch.com:8443 ; style-src * 'self' 'unsafe-inline' data: fast.fonts.net; report-uri /csp_.php; 1
default-src 'none';connect-src * data:;media-src 'self' https: blob:;font-src 'self' data:;img-src 'self' data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:;style-src 'self' 'unsafe-inline';object-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'self';manifest-src 'self';frame-src 'self';worker-src 'self' blob:;upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' blob: https://forms.hubspot.com https://in.hotjar.com https://*.video-cdn.net https://*.akamaihd.net https://*.viega-cdn.net https://www.facebook.com https://www.google-analytics.com https://licensing.bitmovin.com; font-src 'self' https://*.video-cdn.net https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://web-catalog.viega.com https://insight.adsrvr.org https://vars.hotjar.com https://*.video-cdn.net https://www.youtube.com https://www.youtube.com https://e.issuu.com; img-src 'self' data: https://web-catalog.viega.com https://*.hubspot.net https://viegade01.wt-eu02.net https://viega01.webtrekk.net https://*.video-cdn.net https://maps.gstatic.com https://*.googleapis.com https://asset-out-cdn.viega-cdn.net https://forms.hsforms.com https://px.ads.linkedin.com https://track.hubspot.com https://www.facebook.com https://www.google-analytics.com; media-src 'self' https://videocdn-blob-1.akamaized.net https://videocdnvod1-vh.akamaihd.net https://asset-out-cdn.viega-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.video-cdn.net https://www.youtube.com https://s.ytimg.com https://maps.googleapis.com https://e.issuu.com https://responder.wt-safetag.com https://connect.facebook.net https://data.processwebsitedata.com https://forms.hsforms.com https://forms.hubspot.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsforms.net https://js.hsleadflows.net https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fast.fonts.net; plugin-types application/pdf; report-uri https://viega.report-uri.com/r/t/csp/reportOnly 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=www.shopify.co.id&source%5Bsection%5D=brochure&source%5Buuid%5D=2193c65c7e666c175449a6cdb98d28d7 1
default-src 'self'; script-src 'self' 'unsafe-eval' *.googleapis.com www.google-analytics.com 'nonce-7n7FNLKM9HZb72kqRxXVWYTn'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data: *.googleapis.com www.google-analytics.com stats.g.doubleclick.net 'nonce-7n7FNLKM9HZb72kqRxXVWYTn'; font-src 'self' data: *.googleapis.com *.gstatic.com; object-src 'none'; media-src 'self'; frame-src 'self' *.euronext.com/trader/quoteline; base-uri 'self'; connect-src 'self' https://besi.proudreports.nl; report-uri {$settings.csp.connect-uri}; 1
font-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'sha256-Zts4cLVsvDp1E0IxfmO2bmhnIUSxCfHHMP4wl8m8TE8=' 'self'  'unsafe-inline' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'nonce-QnJpZ2h0Q3Jvd2QuY29t' https://maps.googleapis.com/ https://www.google-analytics.com/analytics.js; script-src-elem 'self' 'unsafe-inline' https://maps.googleapis.com/ https://www.google-analytics.com/analytics.js; img-src 'self' data: blob: https://brightcrowd.com https://media.licdn.com https://media-exp1.licdn.com https://platform-lookaside.fbsbx.com https://www.facebook.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://app.snapchat.com/web/deeplink/snapcode; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; report-uri https://su3g0lm6gc.execute-api.us-east-1.amazonaws.com/csp/report 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://trlhvadgdetff1t0lc6gw4oo.httpschecker.net/report 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com store.paradoxlabs.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.authorize.net jstest.authorize.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src data: *.gstatic.com 'self' 'unsafe-inline'; form-action www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com ad.ad-srv.net *.adsrvr.org *.fls.doubleclick.net www.facebook.com opt.kuponacdn.de pptest.payengine.de player.vimeo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.awin1.com *.behance.net bat.bing.com *.cloudfront.net data: stats.g.doubleclick.net googleads.g.doubleclick.net cm.everesttech.net www.facebook.com www.google.com www.google.de *.googleapis.com *.gstatic.com amcglobal.sc.omtrdc.net browser-update.org 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net www.youtube.com js.braintreegateway.com *.adform.net *.amazon.com *.payments-amazon.com js.adsrvr.org www.awin1.com bat.bing.com *.cloudfront.net googleads.g.doubleclick.net www.dwin1.com connect.facebook.net www.google.com *.googleapis.com www.googletagmanager.com www.gstatic.com mastertag.kpcustomer.de opt.kuponacdn.de bam.nr-data.net js-agent.newrelic.com pptest.payengine.de static.shopgate.com the.sciencebehindecommerce.com browser-update.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.amazon.com amcglobal.sc.omtrdc.net dpm.demdex.net stats.g.doubleclick.net the.sciencebehindecommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-src 'self' https://js.driftt.com; https://www.lacework.com; child-src 'self' https://js.driftt.com; https://www.lacework.com; script-src 'self' https://js.driftt.com; https://www.lacework.com; upgrade-insecure-requests 1
default-src 'self';script-src 'unsafe-eval' 'self' 'nonce-Wue6VhbIoq8UDbNghNVu8w==' browser-update.org;object-src 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data:;media-src 'self';frame-src 'self';font-src 'self' fonts.gstatic.com;connect-src 'self';report-uri /api/system/background/csp-report 1
default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com https://secure.trust-provider.com; child-src https://helpdesk.netservicesgroup.com http://openspeedtest.com https://urldefense.proofpoint.com https://quickclick.com; style-src 'self' https://www.netservicesgroup.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' https://secure.comodo.com; script-src 'self' https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://secure.comodo.com 'sha256-YG4fTNWYCHAm4AVC2mnK8Tj09alaJWJTk+LJy+5kHho=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc='; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 1
font-src data: maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com channels.magento.com fonts.gstatic.com qaapp02.xisecurenet.com *.paymetric.com hottools.us15.list-manage.com www.facebook.com facebook.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net https://cert-xiecomm.paymetric.com *.paymetric.com 'self' data: https://hottools.us15.list-manage.com/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.youtube.com www.facebook.com connect.facebook.net amc.demdex.net 5764011.fls.doubleclick.net vars.hotjar.com checkoutshopper-test.adyen.com qaapp02.xisecurenet.com bid.g.doubleclick.net assets.adobedtm.com www.weltpixel.com www.xtento.com fast.amc.demdex.net www.google.com https://public.cobrowse.oraclecloud.com *.mouseflow.com/ *.xisecurenet.com *.paymetric.com https://cert-xiecomm.paymetric.com consent-st.trustarc.com consent.trustarc.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com gethatch.com pixel.quantserve.com stats.g.doubleclick.net www.google.com www.facebook.com *.paypal.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net network-eu-stg.bazaarvoice.com data: checkoutshopper-test.adyen.com www.googleads.g.doubleclick.net www.google.co.in googleads.g.doubleclick.net landofcoder.com cdn.klarna.com www.xtento.com cdn.xtento.com www.magentocommerce.com *.gstatic.com *.cdninstagram.com gallery.mailchimp.com https://www.googletagmanager.com https://qaapp02.xisecurenet.com *.paymetric.com consent-st.trustarc.com consent.trustarc.com consent-pref.trustarc.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com www.googletagmanager.com connect.facebook.net googleads.g.doubleclick.net www.facebook.com qaapp02.xisecurenet.com channels.magento.com cdn.wootric.com cdn-assets.rapidspike.com cdnjs.cloudflare.com *.www.googletagmanager.com tagmanager.google.com *.instagram.com www.google.com www.gstatic.com ajax.cloudflare.com js-agent.newrelic.com https://public.cobrowse.oraclecloud.com *.mouseflow.com/ s3.amazonaws.com *.oraclecloud.com https://qaapp02.xisecurenet.com *.paymetric.com consent.trustarc.com bam.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com channels.magento.com fonts.googleapis.com tagmanager.google.com *.oraclecloud.com *.mouseflow.com/ cdn-images.mailchimp.com https://qaapp02.xisecurenet.com *.paymetric.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://magento.com https://devdocs.magento.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net www.sandbox.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com data-a495851.data.us2.oraclecloud.com www.google-analytics.com dpm.demdex.net amcglobal.sc.omtrdc.net channels.magento.com cdn.wootric.com eligibility.wootric.com wootric-eligibility.herokuapp.com rum-0ea7c26e-a032-4889-89d5-7e0c48a6fb85.rapidspike.com stats.g.doubleclick.net *.oraclecloud.com *.mouseflow.com/ www.instagram.com https://qaapp02.xisecurenet.com *.paymetric.com bam.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.kampyle.com https://*.paypal.com https://*.stripe.com https://*.taboola.com https://*.walkme.com https://api.apiary.io https://api.instagram.com https://appleid.cdn-apple.com https://bat.bing.com https://c.evidon.com https://cache-check.net https://cdn.evbstatic.com https://clicksapp.net https://code.jquery.com https://d2wy8f7a9ursnm.cloudfront.net https://googleads.g.doubleclick.net https://js.braintreegateway.com https://js.driftt.com https://login.microsoftonline.com https://maps.google.com https://munchkin.marketo.net https://platform.twitter.com https://s.pinimg.com https://script.crazyegg.com https://snap.licdn.com https://songbird.cardinalcommerce.com https://ssl.google-analytics.com https://tracker.marinsm.com https://widgets.pinterest.com https://www.google-analytics.com https://www.googleadservices.com https://www.youtube.com ; manifest-src 'self' https://cdn.evbstatic.com ; style-src https: 'unsafe-inline' ; connect-src https: about: https://connect.facebook.net ; object-src https: ; media-src https: ; frame-src https: fbrpc://call ; frame-ancestors https: 'self' ; worker-src blob: 'self' ; font-src https: data: ; img-src https: data: ; form-action 'self' https://*.cardinalcommerce.com https://*.constantcontact.com https://*.mailchimp.com https://*.paypal.com https://*.rabobank.nl https://*.tray.io https://*.twitter.com https://app.hubspot.com https://www.facebook.com https://www.sofort.com ; child-src 'self' ; report-uri https://www.eventbrite.com/ajax/csp-violation/action ; 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.flagman.kiev.ua www.googletagmanager.com www.google-analytics.com yandex.st mc.yandex.ru clck.yandex.ru api-maps.yandex.ru geocode-maps.yandex.ru *.multichannel.demo.owox.com *.retailrocket.ru *.retailrocket.net *.retailrocket.de *.retailrocket.nl *.retailrocket.es *.retailrocket.cl; default-src 'self' fonts.gstatic.com *.flagman.kiev.ua; frame-src *.flagman.kiev.ua vkontakte.ru yastatic.net www.facebook.com vk.com; img-src *.flagman.kiev.ua data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 nullpoint.owox.com *.multichannel.demo.owox.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com *.flagman.kiev.ua; connect-src 'self' mc.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193; object-src 'self' www.youtube.com fonts.gstatic.com *.flagman.kiev.ua; 1
default-src *; style-src *  data: 'unsafe-inline'; img-src *  data:; font-src *  data:; connect-src *; media-src * ; frame-src *;  script-src * data: 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com; 1
default-src 'unsafe-inline' http: https://pixel.wp.com ; script-src http: https://snap.licdn.com  https://js.hs-analytics.net  https:://public-api.wordpress.com https://js.hs-banner.com ; style-src *; img-src 'self' https: data: pixel.wp.com ; connect-src https:; font-src 'self' data:; media-src 'self'; report-uri 'unsafe-inline' http:; frame-src 'unsafe-inline' http:; sandbox allow-forms allow-same-origin allow-scripts; require-sri-for script; upgrade-insecure-requests 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /misc/csp-report.php 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://use.typekit.net/ https://use.typekit.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://use.typekit.net/ https://use.typekit.net/  http://use.typekit.net/ http://www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' http://use.typekit.net/ https://use.typekit.net/; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' http://use.typekit.net/ https://use.typekit.net/ http://p.typekit.net/ https://p.typekit.net/ 1
default-src 'self'; img-src *; style-src 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' *.intuit.com intuit.com *.quickbooks.com quickbooks.com *.square.com square.com *.squareupstaging.com squareupstaging.com *.squareup.com squareup.com; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://simplyinsured.report-uri.com/r/d/csp/reportOnly 1
default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.co.nz:*; frame-ancestors *.calypso.net.au *.flightcentre.co.nz; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1
default-src 'self'; script-src 'self' *.yandex.ru 1
font-src https://stackpath.bootstrapcdn.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://www.google.com https://googleads.g.doubleclick.net https://assets.braintreegateway.com https://tst.kaptcha.com https://ssl.kaptcha.com https://ez-prints.sjv.io https://target-prints.pxf.io 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https://stats.g.doubleclick.net https://www.google.com https://s3.amazonaws.com https://apps.ezprints.com https://maps.gstatic.com https://bat.bing.com https://ez-prints.sjv.io https://target-prints.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://sca1.listrakbi.com https://s1.listrakbi.com https://fp.listrakbi.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://bat.bing.com https://ajax.cloudflare.com https://d.impactradius-event.com https://cdn.listrakbi.com https://s1.listrakbi.com https://at1.listrakbi.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdn.listrakbi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google-analytics.com https://payments.sandbox.braintree-api.com https://origin-analytics-sand.sandbox.braintree-api.com https://payments.braintree-api.com https://client-analytics.braintreegateway.com https://ez-prints.sjv.io https://target-prints.pxf.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com 1
connect-src 'self' https://releases.wagtail.io/; script-src 'self' https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/gtm.js?id=GTM-THR5KJ8 https://js.stripe.com 'unsafe-inline' www.google-analytics.com www.hamilton-trust.org.uk; img-src 'self' hamiltontrust-live-b211b12a2ca14cbb94d6-36f68d2.divio-media.net www.hamilton-trust.org.uk www.google-analytics.com www.gravatar.com; style-src 'self' 'unsafe-inline' www.hamilton-trust.org.uk; default-src 'self' www.googletagmanager.com www.hamilton-trust.org.uk 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://sc020yt0rwhkktjwws4uujxl.httpschecker.net/report 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src 'self' https://hello.myfonts.net https://www.lightboxcdn.com https://s3.lightboxcdn.com https://c1.rfihub.net https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://www.lightboxcdn.com https://lightboxapi.azurewebsites.net https://cdn.boomtrain.com https://lib.paymentjs.firstdata.com https://c1.rfihub.net https://www.googletagmanager.com https://connect.facebook.net https://a.rfihub.com https://maps.googleapis.com cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://docs.paymentjs.firstdata.com https://static.addtoany.com maps.google.com; style-src 'self' https://hello.myfonts.net https://www.lightboxcdn.com https://s3.lightboxcdn.com https://c1.rfihub.net https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.balduccis.com/report-uri/reportOnly 1
child-src 'self'; connect-src 'self' data: http://*.bfmio.com http://*.cloudinary.com http://*.facebook.com http://*.lkqd.net http://*.moatads.com http://*.springserve.com http://*.us.criteo.com http://*.vertamedia.com https://*.adaptv.advertising.com https://*.addthis.com https://*.bfmio.com https://*.cloudinary.com https://*.cmptch.com https://*.cooladata.com https://*.crazyegg.com https://*.facebook.com https://*.g.doubleclick.net https://*.getsentry.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.herokuapp.com https://*.inspectlet.com https://*.intercom.io https://*.intercomcdn.com https://*.licdn.com https://*.lkqd.net https://*.moatads.com https://*.springserve.com https://*.springserve.net https://*.streamrail.net https://*.stripe.com https://*.us.criteo.com https://*.vertamedia.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://onesignal.com https://sentry.io wss://*.inspectlet.com wss://*.intercom.io wss://*.zopim.com; default-src 'self'; font-src 'self' chrome-extension: data: http://*.googleusercontent.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.intercomcdn.com https://*.joinhoney.com https://*.s3.amazonaws.com https://*.splacer.co; frame-src 'self' data: http://*.advertising.com http://*.cloudinary.com http://*.criteo.com http://*.criteo.net http://*.facebook.com http://*.us.criteo.com https://*.addthis.com https://*.advertising.com https://*.cloudfront.net https://*.cloudinary.com https://*.cmptch.com https://*.criteo.com https://*.criteo.net https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.matterport.com https://*.moz.com https://*.s3.amazonaws.com https://*.stripe.com https://*.typeform.com https://*.us.criteo.com https://onesignal.com; img-src 'self' data: http://*.advertising.com http://*.bfmio.com http://*.cloudinary.com http://*.facebook.com http://*.lkqd.net http://*.moatads.com http://*.springserve.com http://*.vidible.tv https://*.addthis.com https://*.ads.linkedin.com https://*.advertising.com https://*.amazonaws.com https://*.bfmio.com https://*.bing.com https://*.cloudfront.net https://*.cloudinary.com https://*.cmptch.com https://*.cooladata.com https://*.crazyegg.com https://*.facebook.com https://*.g.doubleclick.net https://*.ggpht.com https://*.google-analytics.com https://*.google.ae https://*.google.ca https://*.google.ci https://*.google.co.il https://*.google.co.in https://*.google.co.kr https://*.google.co.ma https://*.google.co.th https://*.google.co.uk https://*.google.co.za https://*.google.com https://*.google.com.au https://*.google.com.br https://*.google.com.eg https://*.google.com.kw https://*.google.com.mx https://*.google.com.my https://*.google.com.ng https://*.google.com.np https://*.google.com.om https://*.google.com.ph https://*.google.com.pk https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.vn https://*.google.cz https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.gr https://*.google.it https://*.google.lk https://*.google.nl https://*.google.pl https://*.google.ro https://*.google.ru https://*.google.tt https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.inspectlet.com https://*.intercomassets.com https://*.intercomcdn.com https://*.joinhoney.com https://*.lkqd.net https://*.moatads.com https://*.onesignal.com https://*.outbrain.com https://*.quora.com https://*.splacer.co https://*.springserve.com https://*.springserve.net https://*.streamrail.com https://*.stripe.com https://*.taboola.com https://*.vidible.tv https://*.zendesk.com wss://*.inspectlet.com; manifest-src 'self'; media-src 'self' data: http://*.cloudinary.com https://*.cloudfront.net https://*.cloudinary.com https://*.intercomcdn.com https://*.zdassets.com; object-src 'self' https://*.cmptch.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: http://*.advertising.com http://*.cloudinary.com http://*.criteo.com http://*.criteo.net http://*.facebook.com http://*.lkqd.net http://*.moatads.com http://*.us.criteo.com http://*.vertamedia.com http://*.vidible.tv https://*.addthis.com https://*.addthisedge.com https://*.ads.linkedin.com https://*.advertising.com https://*.amazonaws.com https://*.beachfrontmedia.com https://*.bing.com https://*.bizographics.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.cloudfront.net https://*.cloudinary.com https://*.cmptch.com https://*.cooladata.com https://*.criteo.com https://*.criteo.net https://*.facebook.com https://*.facebook.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.inspectlet.com https://*.intercom.io https://*.intercomcdn.com https://*.licdn.com https://*.linkedin.com https://*.lkqd.net https://*.moatads.com https://*.newrelic.com https://*.nr-data.net https://*.onesignal.com https://*.outbrain.com https://*.quora.com https://*.ravenjs.com https://*.sentry-cdn.com https://*.splacer.co https://*.springserve.net https://*.streamrail.com https://*.stripe.com https://*.taboola.com https://*.us.criteo.com https://*.vertamedia.com https://*.vidible.tv https://*.zdassets.com https://*.zopim.com https://*.zscalertwo.net https://onesignal.com wss://*.inspectlet.com wss://*.intercom.io wss://*.zopim.com; style-src 'self' 'unsafe-inline' data: http://*.googleusercontent.com https://*.amazonaws.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.cmptch.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://*.joinhoney.com https://*.splacer.co https://onesignal.com; worker-src 'self'; prefetch-src 'self'; report-uri https://reports-api.sqreen.io/browser/v0/csp-violations/csp_b712ff430c344451a7b9973dcafa5a57 1
default-src * blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://fls-na.amazon.com/1/batch/2/OE/mid=AF2M0KC94RCEA:sid=144-5824579-9775551:rid=1D2MZDGQRFCWRNWSZ46W:sn=www.audible.com 1
default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.100partnerprogramme.de//csp-violation-ezmd9dpdxv7nb0ecejb9/ 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://dildoking.de https://*.dildoking.de https://stats.g.doubleclick.net https://*.cloudfront.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://connect.nosto.com https://js-agent.newrelic.com https://www.googletagmanager.com https://*.channeladvisor.com https://*.payments-amazon.com https://bam.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.paypal.com https://connect.nosto.com https://*.amazon.com https://bam.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src *.googleapis.com *.facebook.net *.typekit.net *.pingdom.net *.pinterest.com *.google.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.gstatic.com seal-easttexas.bbb.org *.brightcove.com *.brightcove.net *.eccmp.com *.annies-publishing.com *.zencdn.net *.bing.com code.jquery.com *.shareasale.com *.emjcd.com *.opmnstr.com *.googletagservices.com *.googlesyndication.com *.p-n.io api.annies-publishing.com 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob://* data://*; connect-src *.googleapis.com *.facebook.net *.typekit.net *.pingdom.net *.pinterest.com *.google.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.gstatic.com seal-easttexas.bbb.org *.brightcove.com *.brightcove.net *.eccmp.com *.annies-publishing.com *.zencdn.net *.bing.com code.jquery.com *.shareasale.com *.emjcd.com *.opmnstr.com *.googletagservices.com *.googlesyndication.com *.p-n.io api.annies-publishing.com; report-uri /ajax/content_policy_violation.php 1
report-uri /content-security-policy; default-src 'self' *.spravkus.com spravkus.com; img-src 'self' data: *.spravkus.com spravkus.com *.2mdn.net *.google-analytics.com *.doubleclick.net *.googleapis.com *.googlesyndication.com *.googleadservices.com *.gstatic.com www.google.com www.google.ru avatars-fast.yandex.net avatars.mds.yandex.net favicon.yandex.net an.yandex.ru mc.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net api-maps.yandex.ru *.maps.yandex.net *.passport.yandex.ru mc.webvisor.org www.tns-counter.ru images.spravkus.com telegram.org https://*.2mdn.net https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.googlesyndication.com https://*.googleadservices.com https://*.gstatic.com https://www.google.com https://www.google.ru https://avatars-fast.yandex.net https://avatars.mds.yandex.net https://favicon.yandex.net https://an.yandex.ru https://mc.yandex.ru https://banners.adfox.ru https://content.adfox.ru https://ads.adfox.ru https://ads6.adfox.ru https://yastat.net https://api-maps.yandex.ru https://*.maps.yandex.net https://*.passport.yandex.ru https://mc.webvisor.org https://www.tns-counter.ru https://images.spravkus.com https://telegram.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.spravkus.com spravkus.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com www.googletagservices.com *.gstatic.com gstatic.com *.googleapis.com *.google.com google.com *.google-analytics.com adservice.google.ru adservice.google.com an.yandex.ru yandex.st yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru api-maps.yandex.ru *.maps.yandex.net *.market.yandex.ru maxcdn.bootstrapcdn.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://www.googletagservices.com https://*.gstatic.com https://gstatic.com https://*.googleapis.com https://*.google.com https://google.com https://*.google-analytics.com https://adservice.google.ru https://adservice.google.com https://an.yandex.ru https://yandex.st https://yastatic.net https://mc.yandex.ru https://banners.adfox.ru https://ads.adfox.ru https://ads6.adfox.ru https://yastat.net https://yandex.ru https://api-maps.yandex.ru https://*.maps.yandex.net https://*.market.yandex.ru https://maxcdn.bootstrapcdn.com; frame-src 'self' *.spravkus.com spravkus.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com *.gstatic.com gstatic.com *.googleapis.com *.google.com google.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.gstatic.com https://gstatic.com https://*.googleapis.com https://*.google.com https://google.com https://awaps.yandex.net https://yandexadexchange.net https://*.yandexadexchange.net https://yastatic.net https://*.yandex.ru https://banners.adfox.ru https://yastat.net; object-src 'self' *.spravkus.com spravkus.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com *.gstatic.com an.yandex.ru *.yandex.ru *.yandex.net *.yandex.st *.yastatic.net *.yandexadexchange.net yandex.ru yandex.net yandex.st yastatic.net yandexadexchange.net https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.gstatic.com https://an.yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://*.yastatic.net https://*.yandexadexchange.net https://yandex.ru https://yandex.net https://yandex.st https://yastatic.net https://yandexadexchange.net; connect-src 'self' *.spravkus.com spravkus.com *.google-analytics.com pagead2.googlesyndication.com geocode-maps.yandex.ru an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *.market.yandex.ru https://*.google-analytics.com https://pagead2.googlesyndication.com https://geocode-maps.yandex.ru https://an.yandex.ru https://strm.yandex.ru https://mc.yandex.ru https://yandex.st https://yastatic.net https://matchid.adfox.yandex.ru https://adfox.yandex.ru https://ads.adfox.ru https://ads6.adfox.ru https://jstracer.yandex.ru https://yastat.net https://yandex.ru https://*.market.yandex.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.spravkus.com spravkus.com www.google.com *.googleapis.com *.gstatic.com yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net yandexadexchange.net maxcdn.bootstrapcdn.com cdn.jsdelivr.net telegram.org https://www.google.com https://*.googleapis.com https://*.gstatic.com https://yandex.st https://yastatic.net https://banners.adfox.ru https://content.adfox.ru https://yastat.net https://yandexadexchange.net https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://telegram.org; font-src 'self' data: *.spravkus.com spravkus.com *.googleapis.com *.gstatic.com an.yandex.ru yastatic.net yastat.net maxcdn.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com https://an.yandex.ru https://yastatic.net https://yastat.net https://maxcdn.bootstrapcdn.com; form-action 'self' *.spravkus.com spravkus.com *.yandex.ru wl.walletone.com https://*.yandex.ru https://wl.walletone.com; media-src data: *.spravkus.com spravkus.com *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net https://*.yandex.net https://strm.yandex.ru https://*.strm.yandex.ru https://yandex.ru https://yandex.st https://yastatic.net https://banners.adfox.ru https://content.adfox.ru https://yastat.net; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *; report-uri https://www.czarymary.pl/kh/csp_report.php 1
default-src data: *.ihi.com; script-src data: 'unsafe-inline' 'unsafe-eval' *.ihi.com *.liveperson.net *.statcamp.net *.tiqcdn.com *.lpsnmedia.net *.addthis.com *.addthisedge.com *.sitecore.net *.altapaysecure.com ajax.aspnetcdn.com cdnjs.cloudflare.com cdns.amgdgt.com translate.googleapis.com ajax.googleapis.com *.google-analytics.com *.googleadservices.com; style-src 'unsafe-inline' *.ihi.com translate.googleapis.com; img-src data: blob: *.ihi.com bupa.d2.sc.omtrdc.net *.addthis.com lpcdn.lpsnmedia.net *.gstatic.com *.google-analytics.com translate.google.com *.googleadservices.com www.adobe.com; font-src data: *.ihi.com fonts.gstatic.com; connect-src *.ihi.com *.addthis.com *.google-analytics.com; media-src *.ihi.com *.lpsnmedia.net; frame-src *.ihi.com *.lpsnmedia.net *.addthis.com *.sitecore.net *.altapaysecure.com *.liveperson.net *.doubleclick.net  www.bupainternational.com www.google.com; frame-ancestors *.ihi.com *.sitecore.net global.ihi.com; report-uri https://cb7dbe1f57f5ba315d164e874da74dde.report-uri.com/r/d/csp/reportOnly; 1
default-src 'unsafe-inline' 'unsafe-eval'; object-src 'none' 1
default-src https: 'unsafe-eval' 'unsafe-inline';         font-src https: data:;         img-src https: data:;         report-uri https://gaa.report-uri.io/r/default/csp/reportOnly 1
font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.juicer.io *.doubleclick.net www.google.com *.hotjar.com *.spreedly.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.google.com www.google.ca www.facebook.com www.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com www.googletagmanager.com *.ubembed.com chimpstatic.com *.google.com *.hotjar.com *.doubleclick.net connect.facebook.net my.hellobar.com www.gstatic.com *.spreedly.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.paypal.com *.hotjar.com *.hotjar.io www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp/report; report-to report-endpoint; 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://rko-router.herokuapp.com/_csp 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://wombat.smartsheet.com/www; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.salesforceliveagent.com *.youtube.com *.techtarget.com *.ytimg.com *.optimizely.com *.google.com *.gstatic.com *.cookiebot.com *.driftt.com *.marketo.net *.nr-data.net *.google-analytics.com *.googletagmanager.com *.6sc.co *.facebook.net *.inspectlet.com *.licdn.com *.ads-twitter.com *.tvsquared.com *.demandbase.com *.impactradius-event.com *.adnxs.com *.steelhousemedia.com *.g2crowd.com *.newrelic.com *.min.js *.licdn.com *.twitter.com; connect-src 'self' *.amazonaws.com *.i215020.net *.mktoresp.com *.optimizely.com *.6sc.co *.company-target.com *.inspectlet.com *.6sense.com *.nr-data.net; frame-src 'self' *.youtube.com *.optimizely.com *.cookiebot.com *.driftt.com *.doubleclick.net *.facebook.com; img-src 'self' *.ytimg.com *.techtarget.com *.smartsheet.com *.adsymptotic.com *.google-analytics.com *.doubleclick.net *.google.com *.turn.com *.bttrack.com *.co *.linkedin.com *.tvsquared.com *.bidr.io *.facebook.com *.company-target.com *.intentiq.com *.adsrvr.org *.demdex.net *.driftt.com; style-src 'self' 'unsafe-inline'; prefetch-src 'self' *.optimizely.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://moneybird.disqus.com https://disqus.com https://c.disquscdn.com https://connect.facebook.net https://api.instagram.com https://maps.googleapis.com https://bat.bing.com https://cdn.demio.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://c.disquscdn.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com; img-src 'self' https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://referrer.disqus.com https://c.disquscdn.com https://www.google.nl https://www.google.com https://scontent.cdninstagram.com https://maps.gstatic.com https://csi.gstatic.com  https://maps.googleapis.com https://bat.bing.com data:; object-src https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://www.gstatic.com https://moneybird.com https://glitter.services.disqus.com https://homerun.co https://stats.g.doubleclick.net; frame-src https://www.google.com https://www.facebook.com https://disqus.com https://www.youtube.com  https://www.youtube-nocookie.com https://moneybird.clickwebinar.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://moneybird.com/csp_report 1
script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://consent.cmp.oath.com https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ https://*.quantserve.com https://*.quantcount.com https://quantcast.mgr.consensu.org 'unsafe-eval' 'nonce-HwDALo4BUvA5Q6YbEM6M1X3EYC4'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports; 1
default-src 'none'; img-src https://www.proefjes.nl/images/; script-src https://www.proefjes.nl/scripts/; style-src https://www.proefjes.nl/styles/; form-action 'none'; base-uri https://www.proefjes.nl/; frame-ancestors 'none'; 1
default-src 'self' data: https: 'unsafe-inline' http://*.omniupdate.com *.twimg.com http://img.youtube.com d.adroll.mgr.consensu.org s.dca0.com; script-src 'self' 'unsafe-inline' *.emu.edu *.adroll.com script.crazyegg.com www.googletagmanager.com www.youvisit.com *.google-analytics.com pi.pardot.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net api.meritpages.com *.google.com *.googleapis.com *.addthis.com graph.facebook.com *.purechat.com *.purechatcdn.com *.ebscohost.com code.jquery.com 25livepub.collegenet.com widgets.pinterest.com platform.twitter.com instawidget.net *.twimg.com api.darksky.net assets.adobedtm.com embedr.flickr.com widgets.flickr.com s3.amazonaws.com d.adroll.mgr.consensu.org s.dca0.com; report-uri /is/csp/report/ 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: reedexpo-service.com *.youtube-nocookie.com *.googleapis.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' reedexpo-service.com *.googletagmanager.com *.google-analytics.com *.gstatic.com https://www.youtube.com https://*.ytimg.com *.db-app.de https://www.google.com *.googleapis.com *.google.com integration.hotelmap.com googleads.g.doubleclick.net https://www.hotelmap.com https://hotelmap.com https://www.googleadservices.com *.facebook.net https://walls.io https://www.linkedin.com https://px.ads.linkedin.com https://www.googletagmanager.com https://cdn.cookielaw.org https://api.mapbox.com https://app.webreg.me *.onetrust.com; style-src 'self' data: 'unsafe-inline' fast.fonts.net hotelmap.com https://translate.googleapis.com; img-src 'self' data: reedexpo-service.com *.db-app.de *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.com https://*.ytimg.com https://www.google.de https://www.google.com https://www.google.at stats.g.doubleclick.net *.cloudfront.net integration.hotelmap.com hotelmap.com i.travelapi.com https://www.hotelmap.com foto.hrsstatic.com *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' data: *.google-analytics.com reedexpo-service.com stats.g.doubleclick.net *.googleapis.com connect.facebook.net https://www.facebook.com https://cdn.cookielaw.org *.onetrust.com https://s3-eu-central-1.amazonaws.com; font-src 'self' data: fonts.gstatic.com fast.fonts.net; media-src 'self' data:; object-src 'self' data:; child-src 'self' data: *.youtube-nocookie.com https://www.google.com reedexpo-service.com *.google.com https://www.hotelmap.com https://www.googletagmanager.com https://walls.io https://www.facebook.com https://rxosc.messe.at; frame-ancestors 'self' data:; report-uri https://www.fibo.com/?ajax=csp:log 1
font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com www.reedssports.com rum-static.pingdom.net a-52365312.cdn.ns8ds.com *.dotdigital-pages.com r2.dotdigital-pages.com r2-t.trackedlink.net www.google-analytics.com *.google.com www.gstatic.com *.addthis.com *.moatads.com *.addthisedge.com *.newrelic.com *.nr-data.net *.com.imgeng.in *.miss.imgeng.in a-52365312.nscontrol.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net *.integrator.io 1
block-all-mixed-content; report-uri https://www.sportauto.fr/csp?sr=083429e464a9605a3af1f61bbc80feadd225ca6f 1
report-uri https://www.yelp.com/csp_report_only?id=d0a14c2ad310cd46&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=3275ba4c5b0741fb6e8d1b21e9975e80&site=www&timestamp=1601022041; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: https://*.adsrvr.org; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; connect-src https:; font-src data: 'self' https://*.yelp.com https://*.yelpcdn.com https://fonts.gstatic.com https://connect.facebook.net https://cdnjs.cloudflare.com https://apis.google.com https://www.google-analytics.com https://use.typekit.net https://player.ooyala.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; frame-src https: yelp-webview://* yelp://* data:; child-src https: yelp-webview://* yelp://*; media-src https:; object-src 'self'; worker-src blob: https:; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; form-action https: 'self' 1
font-src 'self' https://hello.myfonts.net https://www.lightboxcdn.com https://s3.lightboxcdn.com https://c1.rfihub.net https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://www.lightboxcdn.com https://lightboxapi.azurewebsites.net https://cdn.boomtrain.com https://lib.paymentjs.firstdata.com https://c1.rfihub.net https://www.googletagmanager.com https://connect.facebook.net https://a.rfihub.com https://maps.googleapis.com https://zbtpb.dsp7c.com cdn.rawgit.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://docs.paymentjs.firstdata.com https://static.addtoany.com maps.google.com; style-src 'self' https://hello.myfonts.net https://www.lightboxcdn.com https://s3.lightboxcdn.com https://c1.rfihub.net https://fonts.googleapis.com https://fonts.gstatic.com  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; frame-ancestors 'self'; report-uri https://kingsfoodmarkets.com/report-uri/reportOnly 1
font-src *.gstatic.com *.googleapis.com *.bootstrapcdn.com *.yotpo.com *.fontawesome.com *.klevu.com *.sirv.com *.adyen.com 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.googleapis.com *.google.com/ *.youtube.com *.adyen.com *.trustpilot.com player.vimeo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.ytimg.com 'self' data: *.yotpo.com *.facebook.com *.gstatic.com *.googleapis.com *.adyen.com *.google.com *.google.co.in *.klevu.com *.sirv.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com *.google-analytics.com *.fontawesome.com *.curalate.com *.yotpo.com *.swellrewards.com *.afterpay.com/ *.google.com/ *.gstatic.com *.facebook.com *.facebook.net *.googleapis.com *.klevu.com *.authorize.net *.trustpilot.com *.affiliatefuture.com smct.co *.segment.com *.postcodeanywhere.co.uk *.pcapredict.com *.adyen.com 'self' data: *.sirv.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.yotpo.com *.klevu.com *.postcodeanywhere.co.uk 'self' data: *.sirv.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.paypal.com *.yotpo.com *.authorize.net *.segment.io *.postcodeanywhere.co.uk *.google-analytics.com *.stats.g.doubleclick.net 'self' data: *.sirv.com vimeo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.jollyes.co.uk/; report-to report-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' about: statref.com *.statref.com tetondata.com *.tetondata.com *.google-analytics.com fonts.googleapis.com *.gstatic.com assets.adobedtm.com trk.etrigue.com *.vimeo.com *.youtube.com *.akamaized.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; img-src * data:; report-uri https://online.statref.com/TDSCSPReport 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:;report-uri https://report-uri.baidu.com/report?app=BaiduYun 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com scontent.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src 'self' data: 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://dc.services.visualstudio.com; script-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.msecnd.net; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; sandbox allow-forms allow-same-origin allow-scripts; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *.google.com *.googleapis.com *.googletagmanager.com *.cloudflare.com *.typekit.net *.siteimprove.com *.youtube.com *.vimeo.com *.siteimproveanalytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.googleapis.com *.cloudflare.com *.typekit.net *.siteimprove.com *.siteimproveanalytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.typekit.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.vimeo.com; img-src * 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem:; font-src 'self' *.gstatic.com *.typekit.net; frame-src 'self' *.vimeo.com *.youtube.com *.google.com; 1
report-uri //report-csp-violation 1
script-src spir.hit.gemius.pl track.adform.net ssl.heureka.cz im9.cz c.imedia.cz api.mapy.cz www.heureka.cz *.mapy.cz script.hotjar.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com googleads.g.doubleclick.net connect.facebook.net static.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com api.mapy.cz 'unsafe-inline' 'self'; report-uri /csp 1
default-src 'self';script-src 'self' 'nonce-Eua08CvhW2gP0cDNKNOJ' *.jquery.com *.google.com *.youtube.com *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.aspnetcdn.com ajax.aspnetcdn.com *.googletagmanager.com *.cloudflare.com unpkg.com *.sharethis.com *.ytimg.com;style-src 'self' 'unsafe-inline' *.jquery.com *.google.com *.gstatic.com *.googleapis.com *.aspnetcdn.com stats.g.doubleclick.net;img-src 'self' stats.g.doubleclick.net *.google-analytics.com *.gstatic.com *.googleapis.com *.googleadservices.com *.google.com *.google.co.uk googleads.g.doubleclick.net via.placeholder.com *.sharethis.com data: waspshubmedia.blob.core.windows.net;frame-src 'self' googleads.g.doubleclick.net *.google.com *.google.co.uk *.vimeo.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com;font-src 'self' *.gstatic.com data:;connect-src 'self' query.yahooapis.com *.sharethis.mgr.consensu.org *.pingdom.net *.sharethis.com 1
font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src http: https:; script-src data: 'unsafe-inline' 'unsafe-eval' http: https: blob:; style-src 'unsafe-inline' http: https:; img-src data: http: https:; font-src data: http: https:; connect-src http: https: wss://ws3.hotjar.com; report-uri https://webstores.report-uri.com/r/d/csp/reportOnly; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.doubleclick.net *.zopim.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.paypal.com *.facebook.com *.amazon.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.hotjar.com *.google.com *.doubleclick.net *.paypal.com *.attn.tv *.payments-amazon.com *.facebook.com *.symantec.com *.amazon.com *.braintreegateway.com *.kaptcha.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.facebook.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.bing.com *.googletagmanager.com *.google.com *.google.com.mx *.doubleclick.net *.cloudfront.net gleam.io *.omtrdc.net *.symantec.com *.zopim.com *.attentivemobile.com *.shareasale-analytics.com *.shareasale.com *.dealgenius.com shareasale.com shareasale-analytics.com *.amazon.com *.media-amazon.com *.ssl-images-amazon.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.fontawesome.com *.bing.com *.googletagmanager.com *.hotjar.com *.bugherd.com chimpstatic.com gleam.io *.gleam.io *.doubleclick.net *.google.com *.facebook.net *.gstatic.com *.newrelic.com *.nr-data.net *.zopim.com *.zdassets.com *.symantec.com *.payments-amazon.com *.adobe.net *.bronto.com *.shareasale-analytics.com *.attn.tv shareasale-analytics.com *.elfsight.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src api.magento.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.hotjar.com wss://ws7.hotjar.com/api/v1/client/ws wss://ws5.hotjar.com/api/v1/client/ws wss://ws3.hotjar.com/api/v1/client/ws *.hotjar.io *.facebook.com *.nr-data.net *.zdassets.com *.adobedc.net *.amazon.com *.zopim.com wss://widget-mediator.zopim.com/ *.doubleclick.net *.google-analytics.com *.brontops.com *.braintreegateway.com *.braintree-api.com *.ipify.org *.elfsight.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp.dealgenius.com/endpoint; report-to report-endpoint; 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: *.cloudmaestro.com *.carrierenterprise.com d.la2-c2-ph2.salesforceliveagent.com *.olark.com service.force.com *.doubleclick.net cdn.brcdn.com connect.facebook.net www.facebook.com p.brsrvr.com *.google-analytics.com www.google.com *.googleadservices.com *.googletagmanager.com *.carrierenterprise.ca *.cehvac.com *.homans.com *.vimeo.com *.vimeocdn.com 1
font-src https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' *.nr-data.net *.demdex.net lifewaychristianreso.tt.omtrdc.net *.fullstory.com *.zopim.com *.zdassets.com www.facebook.com wss://widget-mediator.zopim.com www.google-analytics.com *.doubleclick.net s3.amazonaws.com *.s3.amazonaws.com account.lifeway.com account.uat.lifeway.com account.int.lifeway.com; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com *.zopim.com; form-action 'self' *.lifeway.com *.s3.amazonaws.com; frame-src 'self' *.demdex.net platform.twitter.com *.gototraining.com www.facebook.com *.wordsearchbible.lifeway.com www.youtube.com *.vimeo.com account.lifeway.com account.uat.lifeway.com account.int.lifeway.com; img-src 'self' data: blob: *; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.nr-data.net *.lifeway.com connect.facebook.net *.newrelic.com *.pinterest.com platform.twitter.com www.google-analytics.com fullstory.com *.fullstory.com *.zopim.com *.zdassets.com *.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /security/log_csp_report 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
report-uri https://viabovag.report-uri.com/r/d/csp/reportOnly; base-uri 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https:; block-all-mixed-content; default-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net; object-src 'none'; connect-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com https://*.smartsuppcdn.com https://*.smooch.io https://api.adcalls.nl https://api.rollbar.com https://api.rollbar.io https://api.zuko.io https://bootstrap.smartsuppchat.com https://cdn.chatshipper.com https://connect.facebook.net https://dc.services.visualstudio.com https://in.hotjar.com https://plugins.blueconic.net https://server.smartsupp.com https://vc.hotjar.io https://viabovag.blueconic.net wss://server.smartsupp.com; font-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https://*.smartsuppcdn.com https://cdn.smooch.io https://fonts.gstatic.com https://script.hotjar.com; form-action 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net; frame-ancestors 'self' https://www.motor.nl https://www.boschcarservice.com https://www.viabovag.nl/ https://*.www.viabovag.nl/; frame-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com https://*.doubleclick.net https://*.fls.doubleclick.net https://consent.azureedge.net https://consentcdn.cookiebot.com https://vars.hotjar.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' blob: data: https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net http://images.ctfassets.net http://www.googletagmanager.com https://*.smartsuppcdn.com https://cx.atdmt.com https://images.ctfassets.net https://img.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://plugins.blueconic.net https://viabovag.blueconic.net https://www.facebook.com https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com; media-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net http://images.ctfassets.net http://www.googletagmanager.com https://*.smartsuppcdn.com https://cx.atdmt.com https://images.ctfassets.net https://img.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://plugins.blueconic.net https://viabovag.blueconic.net https://www.facebook.com; worker-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com https://www.youtube-nocookie.com https://www.youtube.com; script-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://optimize.google.com http://cdn.blueconic.net http://viabovag.containers.piwik.pro https://*.adform.net https://*.smartsuppcdn.com https://assets.zuko.io https://cdn.blueconic.net https://cdn.chatshipper.com https://cdn.smooch.io https://cdnjs.cloudflare.com https://connect.facebook.net https://consent.azureedge.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://plugins.blueconic.net https://s.ytimg.com https://script.adcalls.nl https://script.hotjar.com https://static.hotjar.com https://storage.googleapis.com https://track.adform.net https://viabovag.blueconic.net https://viabovag.containers.piwik.pro https://www.gstatic.com https://www.smartsuppchat.com https://www.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.viabovag.nl/ https://*.www.viabovag.nl/ https://viabovag-web-p.azureedge.net/ https://daisypstrg.blob.core.windows.net https://*.smartsuppcdn.com https://cdn.smooch.io https://fonts.googleapis.com https://plugins.blueconic.net https://viabovag.blueconic.net 'unsafe-eval' 'unsafe-inline' 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline' *.jivosite.com; connect-src https: wss://*.jivosite.com; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'self'; script-src https://assets.learn.groklearning-cdn.com 'nonce-YXFIlUiy1jM8uFAwG1wwWipP' https://groklearning.com https://vendor.learn.groklearning-cdn.com https://beacon-v2.helpscout.net https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net connect.facebook.net https://www.google-analytics.com; style-src https://assets.learn.groklearning-cdn.com 'unsafe-inline' https://fonts.googleapis.com https://beacon-v2.helpscout.net https://djtflbt20bdde.cloudfront.net https://vendor.learn.groklearning-cdn.com; img-src 'self' data: https://groklearning-cdn.com https://assets.learn.groklearning-cdn.com https://oldpreview.comp.gl www.facebook.com web.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://www.paypalobjects.com https://d33v4339jhl8k0.cloudfront.net https://beacon-v2.helpscout.net https://www.gravatar.com; connect-src 'self' https://groklearning-cdn.com https://assets.learn.groklearning-cdn.com wss://realtime.groklearning.com wss://terminals.groklearning.com wss://sandbox.comp.gl wss://*.sandbox.comp.gl https://*.sandbox.comp.gl https://preview.comp.gl https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.groklearning.io https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com *.sumologic.com sentry.io https://docs.groklearning.io; font-src https://assets.learn.groklearning-cdn.com https://vendor.learn.groklearning-cdn.com data: https://fonts.gstatic.com; object-src https://beacon-v2.helpscout.net; media-src https://assets.learn.groklearning-cdn.com https://groklearning-cdn.com https://beacon-v2.helpscout.net; frame-src 'self' https://vendor.learn.groklearning-cdn.com dualsite-cybersecurity.comp.gl dualsite-pxtmicrobit.comp.gl dualsite-scratch.comp.gl https://beacon-v2.helpscout.net staticxx.facebook.com *.sandbox.comp.gl preview.comp.gl *.preview.comp.gl https://oldpreview.comp.gl; child-src 'self' dualsite-cybersecurity.comp.gl dualsite-pxtmicrobit.comp.gl dualsite-scratch.comp.gl *.facebook.com; form-action 'self' https://www.paypal.com; base-uri https://docs.helpscout.com; report-uri /csp/report-violation/ 1
connect-src 'self' apay-us.amazon.com api.braintreegateway.com api.sandbox.braintreegateway.com beaconapi.helpscout.net chatapi.helpscout.net client-analytics.braintreegateway.com coin.amazonpay.com core32-helpscout.pusher.com core33-helpscout.pusher.com d3hb14vkzrxvla.cloudfront.net origin-analytics-sand.sandbox.braintree-api.com payments-sandbox.amazon.com payments.amazon.com payments.braintree-api.com payments.sandbox.braintree-api.com sock32-helpscout.pusher.com sock33-helpscout.pusher.com sockjs-helpscout.pusher.com stats.g.doubleclick.net www.amazon.com www.facebook.com www.google-analytics.com www.paypal.com wss://ws-helpscout.pusher.com; frame-ancestors 'none'; font-src 'self' data: *; form-action 'self' apay-us.amazon.com payments.amazon.com www.facebook.com; frame-src 'self' accounts.google.com apay-us.amazon.com api-cdn.amazon.com assets.braintreegateway.com c.paypal.com pay.google.com payments.amazon.com static-na.payments-amazon.com web.facebook.com www.facebook.com www.google.com www.paypal.com www.sandbox.paypal.com www.youtube.com; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' device.maxmind.com ajax.cloudflare.com apay-us.amazon.com apis.google.com bat.bing.com beacon-v2.helpscout.net c.paypal.com connect.facebook.net converter.dynamicconverter.com detect.dynamicconverter.com js.braintreegateway.com optimize.google.com pay.google.com payments-sandbox.amazon.com payments.amazon.com s.ytimg.com static-na.payments-amazon.com static.cloudflareinsights.com tagmanager.google.com www.googleapis.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.paypal.com www.paypalobjects.com www.youtube.com; style-src 'self' 'unsafe-inline' *; object-src 'none'; report-uri https://divegearexpress.report-uri.com/r/d/csp/wizard 1
script-src 'nonce-XM8bqasf2KycJgXR00-agA' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/webmaster/chrome; base-uri 'none' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; report-uri /_/tools/cspr.php 1
connect-src 'self' https://s.yimg.com https://rtr.innovid.com https://*.yahoo.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://*.yahoo.net https://ad.doubleclick.net; style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://*.btrll.com data: blob:; img-src 'self' data: blob: about: https://*.yimg.com https://*.yahoo.com https://sb.scorecardresearch.com https://*.doubleclick.net https://*.adsafeprotected.com https://*.googlesyndication.com; frame-ancestors https://*.techcrunch.com https://*.huffingtonpost.com https://*.aol.com https://*.yahoo.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=US&lang=en-US&device=desktop&yrid=alhg9q5fmqucm&partner=; 1
default-src 'self'; img-src 'self' https://www.comune.palermo.it// https://s.bookcdn.com/ https://www.google-analytics.com https://www.googleapis.com https://www.google.com https://clients1.google.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://widgets.booked.net https://connect.facebook.net https://cse.google.com https://www.google-analytics.com https://clients1.google.com; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src https://www.facebook.com https://staticxx.facebook.com https://youtube.com; connect-src 'self' https://www.google-analytics.com; 1
default-src 'none'; base-uri 'self' http://vetomat.net; connect-src 'self' http://vetomat.net; font-src 'self' 'strict-dynamic' https://vetomat.net/ http://vetomat.net 'nonce-FlQcNo6xxxCbdIP2R4ZvzDkzN4enRIio7Bntxg5efpt2ZMQZJQfAoApvCKYko6H7YxO4E03jynuNebunRsjVjAySctaZkiRvHBL2djKiUNRFTb8jrSJ0N29O9u7wTLcZ'; form-action 'self' http://vetomat.net; frame-ancestors 'self' http://vetomat.net; frame-src 'self' http://vetomat.net; child-src 'self' http://vetomat.net; img-src 'self' http://vetomat.net; manifest-src 'self' http://vetomat.net; media-src 'self' http://vetomat.net; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https://vetomat.net/ 'nonce-FlQcNo6xxxCbdIP2R4ZvzDkzN4enRIio7Bntxg5efpt2ZMQZJQfAoApvCKYko6H7YxO4E03jynuNebunRsjVjAySctaZkiRvHBL2djKiUNRFTb8jrSJ0N29O9u7wTLcZ'; style-src 'self' 'unsafe-inline' https://vetomat.net/ http://vetomat.net; upgrade-insecure-requests 1
script-src ajax.googleapis.com a.opmnstr.com track.adform.net ssl.heureka.cz im9.cz c.imedia.cz api.mapy.cz www.heureka.cz *.mapy.cz script.hotjar.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com googleads.g.doubleclick.net connect.facebook.net static.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com api.mapy.cz 'unsafe-inline' 'self'; report-uri /csp 1
font-src *.cloudflare.com *.twitter.com https://www.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com 'self' data: cdn.checkout.com *.postcodeanywhere.co.uk https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.google.com *.trustpilot.com *.checkout.com *.cookiebot.com *.postcodeanywhere.co.uk https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.google.com *.google.co.uk *.zopim.com *.doubleclick.net *.gstatic.com d23yuld0pofhhw.cloudfront.net *.googletagmanager.com *.postcodeanywhere.co.uk *.bing.com *.zdassets.com *.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com https://www.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://www.google.com *.googletagmanager.com *.googlecommerce.com *.doubleclick.net *.trustpilot.com *.zopim.com *.zdassets.com *.payments-amazon.com *.amazon.com *.local.com *.googleapis.com *.checkout.com *.pcapredict.com *.trackedweb.net *.cookiebot.com *.adyen.com *.postcodeanywhere.co.uk *.mouseflow.com *.newrelic.com *.nr-data.net *.bing.com *.zendesk.com *.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.checkout.com *.trackedweb.net *.postcodeanywhere.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.amazon.com 'self' wss: *.checkout.com *.trackedweb.net *.postcodeanywhere.co.uk *.google-analytics.com *.doubleclick.net *.nr-data.net *.zendesk.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net www.youtube.com maps.googleapis.com cdn.ampproject.org www.gstatic.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' https://www.google.com https://www.gstatic.com https://api.sandbox.braintreegateway.com https://api.braintreegateway.com https://browser-update.org https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src *; form-action 'self'; report-uri /API/csp-report.php 1
default-src www.trueweb.ee websockets.pinal.ee; frame-ancestors www.trueweb.ee websockets.pinal.ee; frame-src www.trueweb.ee websockets.pinal.ee www.google.com; font-src data: 'self' www.trueweb.ee websockets.pinal.ee fonts.gstatic.com; style-src 'unsafe-inline' 'self' www.trueweb.ee websockets.pinal.ee fonts.googleapis.com; connect-src 'self' www.trueweb.ee websockets.pinal.ee; img-src blob: data: 'self' www.trueweb.ee websockets.pinal.ee www.facebook.com; script-src 'unsafe-inline' 'unsafe-eval' www.trueweb.ee websockets.pinal.ee www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com connect.facebook.net www.facebook.com; base-uri 'self'; form-action 'self'; 1
default-src 'self' *.callbackhunter.com callbackhunter.com ws://callbackhunter.com wss://callbackhunter.com *.cbh.lc cbh.lc ws://*.cbh.lc ws://cbh.lc wss://*.cbh.lc wss://cbh.lc https://mc.yandex.ru https://fonts.gstatic.com https://*.doubleclick.net https://*.google.com https://*.google.ru *.facebook.com https://*.facebook.com https://ajax.googleapis.com *.youtube.com https://youtube.com; img-src 'self' data: *.callbackhunter.com callbackhunter.com *.cbh.lc cbh.lc vk.com https://vk.com t.co https://mc.yandex.ru *.google-analytics.com https://www.google-analytics.com https://analytics.twitter.com *.facebook.com https://*.facebook.com https://*.google.com https://*.google.ru https://*.doubleclick.net *.adroll.com https://*.adroll.com https://pixel.rubiconproject.com ads.yahoo.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net; style-src 'self' 'unsafe-inline' *.callbackhunter.com callbackhunter.com *.cbh.lc cbh.lc *.googleapis.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.callbackhunter.com callbackhunter.com *.cbh.lc cbh.lc *.vimeocdn.com vk.com mc.yandex.ru https://mc.yandex.ru *.googleadservices.com *.google-analytics.com https://www.google-analytics.com *.twitter.com https://*.twitter.com *.facebook.net https://connect.facebook.net *.adroll.com https://*.adroll.com https://ajax.googleapis.com *.oneretarget.com https://*.oneretarget.com; child-src 'self' *.callbackhunter.com callbackhunter.com *.cbh.lc cbh.lc *.vimeo.com *.youtube.com https://youtube.com *.youtube-nocookie.com https://youtube-nocookie.com googleads.g.doubleclick.net *.google.com *.google.ru; report-uri /csp/index 1
connect-src 'self' sentry.io *.plumbnation.co.uk host-9ffeki.api.swiftype.com bat.bing.com in.hotjar.com knrpc.olark.com stats.g.doubleclick.net vc.hotjar.io www.google-analytics.com www.google.com; font-src 'self' *.plumbnation.co.uk data: script.hotjar.com fonts.gstatic.com; form-action 'self' pay.realexpayments.com; frame-src pay.realexpayments.com www.google.com bid.g.doubleclick.net secure.barclaycard.co.uk static.olark.com storage.googleapis.com tpc.googlesyndication.com vars.hotjar.com www.paypalobjects.com www.securesuite.co.uk; img-src 'self' *.plumbnation.co.uk data: bat.bing.com f.monetate.net googleads.g.doubleclick.net log.olark.com paypal-eu-arh.cloudiq.com sb.monetate.net stats.g.doubleclick.net t.paypal.com www.google-analytics.com www.google.co.uk www.google.com www.google.com.hk www.google.com.pk www.google.hr www.googletagmanager.com www.paypal.com www.google.com.sg www.google.es www.google.nl; manifest-src 'self'; script-src-elem 'self' www.googletagmanager.com *.plumbnation.co.uk pagead2.googlesyndication.com www.google.com www.gstatic.com 'unsafe-inline' adservice.google.co.uk adservice.google.com api.olark.com assets.olark.com bat.bing.com browser.sentry-cdn.com f.monetate.net googleads.g.doubleclick.net paypal-eu-cdn.cloudiq.com script.hotjar.com se.monetate.net static.hotjar.com static.olark.com tpc.googlesyndication.com www.google-analytics.com www.googleadservices.com www.paypal.com www.paypalobjects.com knrpc.olark.com; style-src-elem *.plumbnation.co.uk 'unsafe-inline' cdn.datatables.net static.olark.com storage.googleapis.com; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; report-uri https://plumbnation.report-uri.com/r/d/csp/wizard 1
font-src https://static.juicer.io *.gstatic.com *.klevu.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://maps.gstatic.com https://www.google.rs https://www.google.com *.klevu.com https://stats.g.doubleclick.net https://scontent.cdninstagram.com https://assets.juicer.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com js.authorize.net jstest.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com https://maps.googleapis.com https://chimpstatic.com *.klevu.com *.juicer.io *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.klevu.com *.juicer.io https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com http://www.juicer.io https://cdn.rawgit.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://*.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://*.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws:; report-uri /csp-violation-report-endpoint/ 1
default-src 'self' syndication.twitter.com; script-src js.trentino.com 'unsafe-inline' 'unsafe-eval' player.peer.tv stats.peer.biz platform.twitter.com apis.google.com; img-src 'self' data: images2.trentino.com css.trentino.com www.hotel-guide.it player.peer.tv stats.peer.biz carto.peer.biz www.gravatar.com syndication.twitter.com api.trustyou.com; style-src 'self' 'unsafe-inline' css.trentino.com js.trentino.com; font-src css.trentino.com; frame-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; child-src 'self' player.peer.tv www.facebook.com platform.twitter.com apis.google.com accounts.google.com www.youtube.com; report-uri https://csp-report.peer.biz/reportOnly/index 1
worker-src 'self'; connect-src 'self' https://www.paypal.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://vc.hotjar.io https://*.visualwebsiteoptimizer.com https://in.hotjar.com https://ct.pinterest.com https://fast.a.klaviyo.com https://fast.a.klaviyo.com https://telemetrics.klaviyo.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.addtoany.com https://assets.adobedtm.com https://cdn-scripts.signifyd.com https://googleads.g.doubleclick.net https://imgs.signifyd.com https://submit.activedemand.com https://analytics.twitter.com https://script.hotjar.com https://in.hotjar.com https://chimpstatic.com https://dev.visualwebsiteoptimizer.com https://a.klaviyo.com https://connect.facebook.net https://fast.a.klaviyo.com https://s.pinimg.com https://s.pinimg.com https://s.ytimg.com https://static.ads-twitter.com https://static.hotjar.com https://static.klaviyo.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://vendor1.quickspark.com https://www.paypalobjects.com https://www.paypal.com https://maps.googleapis.com; object-src 'none'; report-uri https://csp.firstscribe.com/frenchpaper.com; 1
default-src 'self' *.facebook.com *.fbcdn.net *.google-analytics.com *.doubleclick.net *.bing.com secure.adnxs.com *.google.com *.google.it go.turboadv.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.bing.com *.turboadv.com;               style-src 'self' 'unsafe-inline' fonts.googleapis.com;              font-src 'self' fonts.gstatic.com;              report-uri /none; 1
default-src 'self' https://www.deca.com.br; connect-src 'self' https://api-catalog-develop.deca.com.br https://api-catalog-staging.deca.com.br https://api-catalog.deca.com.br https://dc.services.visualstudio.com https://in.hotjar.com https://sentry.hotjar.com https://vc.hotjar.io https://www.google-analytics.com https://www.deca.com.br; font-src 'self' https://script.hotjar.com https://static.hotjar.com https://www.deca.com.br; frame-src 'self' https://6739606.fls.doubleclick.net https://vars.hotjar.com https://www.facebook.com https://www.deca.com.br; child-src 'self' https://6739606.fls.doubleclick.net https://vars.hotjar.com https://www.facebook.com https://www.deca.com.br; img-src 'self' https://cdn.deca.com.br https://decablob.blob.core.windows.net https://dwvya9fp9kx3t.cloudfront.net https://files.deca.com.br https://googleads.g.doubleclick.net https://produtos.deca.com.br https://s3-sa-east-1.amazonaws.com https://s3.amazonaws.com https://stats.g.doubleclick.net https://www-prod.deca.com.br https://www.deca.com.br https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.com.br; script-src 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://az416426.vo.msecnd.net https://cdn.inspectlet.com https://cdn.onesignal.com https://connect.facebook.net https://deca.com.br https://develop.deca.com.br https://onesignal.com https://script.hotjar.com https://staging.deca.com.br https://static.hotjar.com https://www-prod.deca.com.br https://www.deca.com.br https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'unsafe-inline' https://ajax.googleapis.com https://deca.com.br https://develop.deca.com.br https://staging.deca.com.br https://www-prod.deca.com.br https://www.deca.com.br 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://maps.google.com https://m.addthis.com https://www.youtube.com/iframe_api https://www.youtube.com http://www.youtube.com http://dev.openlayers.org https://dev.openlayers.org https://m.addthisedge.com https://s7.addthis.com https://apis.google.com https://googleads.g.doubleclick.net https://unpkg.com  https://use.fontawesome.com https://pro.fontawesome.com http://www.amcharts.com https://platform.twitter.com https://ssl.p.jwpcdn.com https://www.google-analytics.com https://records-ws.nbnatlas.org https://use.typekit.net https://www.googleadservices.com https://mc.us16.list-manage.com https://www.googletagmanager.com https://tagmanager.google.com https://downloads.mailchimp.com https://code.jquery.com https://maps.googleapis.com https://connect.facebook.net   https://downloads.mailchimp.com https://csi.gstatic.com; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' http://dev.openlayers.org https://tagmanager.google.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://downloads.mailchimp.com https://use.fontawesome.com https://p.typekit.net https://use.typekit.net https://pro.fontawesome.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com https://pro.fontawesome.com  https://maxcdn.bootstrapcdn.com; frame-src 'self'  https://www.google.com https://s7.addthis.com https://e.issuu.com https://apis.google.com/ https://www.youtube.com/ https://staticxx.facebook.com/ https://accounts.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.facebook.com/ https://web.facebook.com/; object-src 'self'; connect-src 'self' https://m.addthis.com https://syndication.twitter.com  https://performance.typekit.net/ ; media-src 'self' blob: https://e5c5a7c5.ssl.hwcdn.net; worker-src 'self' blob:; frame-ancestors 'self'; base-uri 'self' 1
default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=home&source%5Bdomain%5D=en.shopify.no&source%5Bsection%5D=brochure&source%5Buuid%5D=43a610d90ab43558526b4fa359d9b512 1
font-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; child-src 'self' www.google.com www.google.com/recaptcha/ secure.livechatinc.com https://*.hotjar.com https://vars.hotjar.com http://*.hotjar.io https://*.hotjar.io pliki.drukomat.pl; connect-src 'self' ajax.googleapis.com https://www.google-analytics.com analytics.google.com stats.g.doubleclick.net googleads.g.doubleclick.net sentry.drukomat.co api.livechatinc.com cdn.livechatinc.com secure.livechatinc.com wss://api.livechatinc.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io https://vc.hotjar.io:* wss://*.hotjar.com www.facebook.com shops-si.trustedshops.com trustbadge.api.etrusted.com api.trustedshops.com pliki.drukomat.pl; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdn.livechatinc.com themes.googleusercontent.com netdna.bootstrapcdn.com http://*.hotjar.com https://*.hotjar.com http://script.hotjar.com https://script.hotjar.com http://*.hotjar.io https://*.hotjar.io use.fontawesome.com widgets.trustedshops.com www.mojenakupy.sk; frame-src www.google.com www.googletagmanager.com bid.g.doubleclick.net tpc.googlesyndication.com www.youtube.com www.facebook.com secure.livechatinc.com https://*.hotjar.com https://vars.hotjar.com http://*.hotjar.io https://*.hotjar.io c.imedia.cz pliki.drukomat.pl; img-src 'self' data: www.googletagmanager.com https://www.google-analytics.com ssl.google-analytics.com google.com translate.google.com translate.googleapis.com www.googleadservices.com www.gstatic.com ssl.gstatic.com googleads.g.doubleclick.net stats.g.doubleclick.net doubleclick.net cdn.livechatinc.com secure.livechatinc.com http://*.hotjar.com https://*.hotjar.com https://script.hotjar.com http://script.hotjar.com http://*.hotjar.io https://*.hotjar.io www.facebook.com l.facebook.com connect.facebook.net www.gravatar.com i.ytimg.com cx.atdmt.com px.ads.linkedin.com www.linkedin.com p.adsymptotic.com widgets.trustedshops.com c.imedia.cz ib.adnxs.com www.google.ae www.google.at www.google.ba www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ug www.google.co.uk www.google.cz www.google.com www.google.com.au www.google.com.bo www.google.com.br www.google.com.co www.google.com.ec www.google.com.np www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.ge www.google.gl www.google.gr www.google.hu www.google.hr www.google.ie www.google.it www.google.iq www.google.je www.google.lt www.google.lu www.google.lv www.google.me www.google.mk www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.sk www.google.si pliki.drukomat.pl; media-src 'self' cdn.livechatinc.com secure.livechatinc.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com ajax.googleapis.com/ajax/libs/jquery/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.googleadservices.com www.google.com tpc.googlesyndication.com googleads.g.doubleclick.net doubleclick.net accounts.livechatinc.com secure.livechatinc.com cdn.livechatinc.com cdn.tinymce.com code.jquery.com netdna.bootstrapcdn.com 'unsafe-eval' http://*.hotjar.com https://*.hotjar.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com http://*.hotjar.io https://*.hotjar.io connect.facebook.net snap.licdn.com widgets.trustedshops.com sk.search.etargetnet.com c.imedia.cz pliki.drukomat.pl 'sha256-Pkrk7EQUCze/+y2ieQcihkqf20ngyO1o8p0bLJqEUEg=' 'sha256-sN2JfK4DItW+tHEvTPTRUlVsTp6P99J+1UtsJiAzbJQ=' 'sha256-J28m+KfipY9skgQSQHiWGcSLu/r+9MNLMkdmblaToRY='; style-src 'self' translate.googleapis.com fonts.googleapis.com code.jquery.com cdn.livechatinc.com secure.livechatinc.com netdna.bootstrapcdn.com widgets.trustedshops.com use.fontawesome.com; report-uri https://sentry.drukomat.co/api/6/security/?sentry_key=0a78d5cc04564c5d8a0ffffe654389bb 1
font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.youtube.com js.braintreegateway.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.sportstargear.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.google.com *.twitter.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.facebook.com *.google.com *.sportstargear.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.google.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.net *.googletagmanager.com *.doubleclick.net *.sportstargear.com data: 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com *.sportstargear.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.doubleclick.net *.google-analytics.com *.sportstargear.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.sportstargear.com/; report-to report-endpoint; 1
connect-src 'self' *.tctm.com *.insights.hotjar.com;default-src 'self';frame-ancestors 'self';frame-src 'self' *.flightview.com *.vimeo.com;media-src 'self' *.example.com;object-src 'none';report-uri https://bb8.agencehpj.com/csp;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hpjcc.com www.youtube.com www.gstatic.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net js-agent.newrelic.com unpkg.com code.jquery.com ssl.google-analytics.com bat.bing.com *.tctm.com pi.pardot.com static.hotjar.com bam.nr-data.net www.google.com connect.facebook.net script.hotjar.com maps.googleapis.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;img-src 'self' data: https: www.google-analytics.com;style-src 'self' 'unsafe-inline' https: data: fonts.googleapis.com; 1
report-uri /content-security-policy; default-src 'self' *.askgeek.io askgeek.io; img-src 'self' data: *.askgeek.io askgeek.io *.2mdn.net *.google-analytics.com *.doubleclick.net *.googleapis.com *.googlesyndication.com *.googleadservices.com *.gstatic.com www.google.com *.disquscdn.com referrer.disqus.com *.amazon-adsystem.com *.ssl-images-amazon.com avatars-fast.yandex.net avatars.mds.yandex.net favicon.yandex.net an.yandex.ru mc.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.passport.yandex.ru mc.webvisor.org https://*.2mdn.net https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.googlesyndication.com https://*.googleadservices.com https://*.gstatic.com https://www.google.com https://*.disquscdn.com https://referrer.disqus.com https://*.amazon-adsystem.com https://*.ssl-images-amazon.com https://avatars-fast.yandex.net https://avatars.mds.yandex.net https://favicon.yandex.net https://an.yandex.ru https://mc.yandex.ru https://banners.adfox.ru https://content.adfox.ru https://ads.adfox.ru https://ads6.adfox.ru https://yastat.net https://*.passport.yandex.ru https://mc.webvisor.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.askgeek.io askgeek.io *.doubleclick.net *.googlesyndication.com *.googleadservices.com *.googletagservices.com *.googletagmanager.com *.gstatic.com gstatic.com *.googleapis.com *.google.com google.com adservice.google.ru *.google-analytics.com disqus.com *.disqus.com *.disquscdn.com *.amazon-adsystem.com an.yandex.ru yandex.st yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru *.market.yandex.ru https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.googletagservices.com https://*.googletagmanager.com https://*.gstatic.com https://gstatic.com https://*.googleapis.com https://*.google.com https://google.com https://adservice.google.ru https://*.google-analytics.com https://disqus.com https://*.disqus.com https://*.disquscdn.com https://*.amazon-adsystem.com https://an.yandex.ru https://yandex.st https://yastatic.net https://mc.yandex.ru https://banners.adfox.ru https://ads.adfox.ru https://ads6.adfox.ru https://yastat.net https://yandex.ru https://*.market.yandex.ru; frame-src 'self' *.askgeek.io askgeek.io *.doubleclick.net *.googlesyndication.com *.googleadservices.com *.gstatic.com gstatic.com *.googleapis.com *.google.com google.com disqus.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.gstatic.com https://gstatic.com https://*.googleapis.com https://*.google.com https://google.com https://disqus.com https://awaps.yandex.net https://yandexadexchange.net https://*.yandexadexchange.net https://yastatic.net https://*.yandex.ru https://banners.adfox.ru https://yastat.net; object-src 'self' *.askgeek.io askgeek.io *.doubleclick.net *.googlesyndication.com *.googleadservices.com *.gstatic.com an.yandex.ru *.yandex.ru *.yandex.net *.yandex.st *.yastatic.net *.yandexadexchange.net yandex.ru yandex.net yandex.st yastatic.net yandexadexchange.net https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.gstatic.com https://an.yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.st https://*.yastatic.net https://*.yandexadexchange.net https://yandex.ru https://yandex.net https://yandex.st https://yastatic.net https://yandexadexchange.net; connect-src 'self' *.askgeek.io askgeek.io *.google-analytics.com pagead2.googlesyndication.com csi.gstatic.com an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru *.market.yandex.ru https://*.google-analytics.com https://pagead2.googlesyndication.com https://csi.gstatic.com https://an.yandex.ru https://strm.yandex.ru https://mc.yandex.ru https://yandex.st https://yastatic.net https://matchid.adfox.yandex.ru https://adfox.yandex.ru https://ads.adfox.ru https://ads6.adfox.ru https://jstracer.yandex.ru https://yastat.net https://yandex.ru https://*.market.yandex.ru; style